Re: [ProgSoc] pine
At 12:12am on the 17th of April, Anand Kumria wrote:
> On Tue, Apr 16, 2002 at 03:46:57PM +1000, Nicholas FitzRoy-Dale wrote:
> > That's so lame.
>
> Encouraging people to use a better alternative is lame? Next you'll be
> saying that popping up a message if people used Netscape pointing out
> Mozilla was dumb.

Anand,

Some of your comments are reasonable, but mostly they are total hogwash.
Your claim, for example, that Free software is magically updated to the
latest patched version (or even that it is always fixed faster than non-Free
software) is ridiculous. Plenty of Free software remains vulnerable to
security patches in its main tree for ages. PHP-Nuke comes to mind.

Even if Free software *was* always patched faster than non-Free software,
that doesn't imply that users are always running the latest version. Of
course, users with a conscientious system administrator would not have to
worry about this problem so much. I notice, on the other hand, that the
version of Pine on ftoomsh is very old, and it is certainly not difficult
to upgrade; presumably you are only concerned about the safety of your
users if their software choices match your political ideology.

Incidentally, perhaps you could provide references for the security
vulnerability you mention. I can't find any mention of such a long-standing
vulnerability. The closest I get is a link from the UW Pine Security page
talking about a problem with the default *mailcap* distributed with some
Unices. But if there is a bug that I've missed, I'd obviously appreciate
hearing about it.

> That removes quite a lot of work from the admins' shoulders and generally
> means we can focus on getting other things working better. Hopefully
> you have been noticing that Progsoc is running a lot better recently.

I understand that you and others have done a lot of work for Progsoc. I
really appreciate that. But writing a shell script saying "Pine isn't Free,
upgrade to mutt", pausing five seconds and then running pine is ridiculously
immature, not to mention an abuse of power, and I'm surprised you need me to
point this out. It sounds silly, but I'm disappointed in you.

As CSO, make a case for the removal of Pine from Progsoc systems. Mention
long-standing security vulnerabilities, and point to the difficulty of
upgrading to bug-free versions. If you can't do this, or there is too much
of an outcry over the removal of what is still a fairly popular email
client, then I expect that, as CSO, you will undertake to ensure the
security impact of the program is minimised without inconveniencing users.

Incidentally, I know a large number of people who still use Netscape. They
have older machines and Mozilla is too slow and clunky for them, or they are
simply used to Netscape and don't see any compelling reason to change. It is
high arrogance to presume that they are not aware of their decision,
arrogance to presume that your choice is "better", and arrogance to annoy
them until they change their mind.

As far as I am aware, there is now a version of Pine available which does
not contain any known security vulnerabilities. I am volunteering to
maintain Pine on Ftoomsh. If you do not want to maintain it yourself, I will
gladly do so.

--
- Nicholas FitzRoy-Dale
http://www.lardcave.net
Q: Can I have a conversation with you?
A: Have two, they're small!
- http://gs72.sp.cs.cmu.edu/cgi-bin/cube-hof.html