by strken
2726 days ago
When I read comments like those in this chain, the message I take away is "users cannot and should not expect to be able to use open source libraries in production unless they've vetted every line of code". This is probably true to some extent, but I'm worried about the consequences of it. Can someone no longer run an emergency services PBX on Asterisk because of the chance that it will start playing Jingle Bells, or that the Linux kernel maintainers will prefix the data in every packet with HOHOHO? If so, what does that mean for the future of open source, and how come it hasn't been a problem until now?
You don't need to vet every line of code, but if you don't read release notes then you only have yourself to blame if it breaks.
The problem here is not the feature itself, but the fact that it was hidden and undiscoverable by testing.
Had the authors made a "Christmas release" with the feature being active unconditionally, then even without it being documented, any user should have noticed the feature in testing.
Things like this haven't been a problem until now, and they won't be a problem in the future, because generally people are aware that playing pranks is not always nice for the recipients.