Subject: Re: Fwd: Re: Microsoft: Closed source is more secure
From: Russell Nelson <nelson@crynwr.com>
Date: Sun, 6 May 2001 01:21:26 -0400 (EDT)

Lynn Winebarger writes:
 > > What is the problem with djbdns (apart from the fact that it is
 > > not Free Software)?
 > 
 > (a) personality of the author as seen in Internet postings (usenet/web pages)
 > (b) poor documentation, if qmail is any indicator
 > (c) odd way of writing source code, if qmail is any indicator
 > (d) odd build process, if qmail is any indicator
 > (e) odd license and infrequent updates to official source (if qmail ....),
 >  which exacerbate the effects of b,c, and d.   

Lynn, I personally don't evaluate software based on the personality of
the author.  I've heard that some people do, but I think it's rather
childish.  The documentation for djbdns is in fact rather well
written, however in order to appreciate this, you have to read it.
Many people simply Fail to Read The Manual (FRTM), which is probably
the source of the common reply they get: RTFM.  Yes, djbdns avoids
using many functions in the C library, for good reason: they produce
unreliable code.  Take, for example, strchr.  What it returns (a
pointer to the first-found character in a string) is useless without
first checking it to see if it's null.  The ideom looks like this:
    x = strchr(s, c);
    if (x) /* x points to c */;
    else /* there is no c in s */; Any time you see strchr used
outside of that ideom, you have unreliable code.  Dan uses instead
str_chr, which returns the offset from the beginning of the string to
the first character, or to the first null.  Such a value can be used
without first testing to see if it is null.  The "odd build process"
that you refer to involves downloading the tarball, extracting it, and
running "make".  IMHO, having to run "./configure" first is part of an
even odder build process.  As far as infrequent updates to qmail goes,
you must understand that qmail is a Unix program.  It does not come
tailored to your environment, nor to anybody's environment.  Neither
do cat, tail, grep, sed, awk, or any other of the standard Unix tools.
You should expect to have to configure qmail to your environment.
This is the Unix philosophy; stop acting so helpless.

That gets us down to the license.  Yes, qmail and djbdns are not open
source, nor free software by RMS's definition.  However, you have the
source, and you are free to redistribute it, you are free to
distribute patches (but not pre-patched source), and you are even free
to distribute binaries produced from unmodified source.  The only
thing that stops Dan's software from being open source is his refusal
to allow distribution of modified source or binaries.  If everyone
produced software of equal security and reliablity as Dan Bernstein,
then Open Source would have no legs.

-- 
-russ nelson will be speaking at http://www.osdn.com/conferences/handhelds/
Crynwr sells support for free software  | PGPok | Mailing lists should not set
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Reply-To: back to the list!
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX  | http://russnelson.com/rt.html