by night-rider 1457 days ago
Your concerns are valid but from the article:

> Firefox security patches are applied to prevent vulnerabilities

You are right about the reputation of the maintainers of LW though. The second this becomes abandonware I will ditch it.

3 comments

> Firefox security patches are applied to prevent vulnerabilities

Sure, but at what rate? If Mozilla releases a critical patch today, and the core maintainer responsible for build maintenance is away on vacation for two weeks, what happens?

That's the main problem behind FOSS; they are not incentivized to be 100% dedicated to the project. Their FOSS projects are a labour of love, not a labour of money.

You say it is a problem with FOSS projects. Isn't it more a problem with hobby projects? Some FOSS projects are hobby projects, others not. As showcased by the fact that Firefox itself is a FOSS project.

Timely maintenance is also problematic with hobby closed-source projects or hobby apps on closed platforms, like iOS and Android.

> You say it is a problem with FOSS projects. Isn't it more a problem with hobby projects? Some FOSS projects are hobby projects, others not. As showcased by the fact that Firefox itself is a FOSS project.

Mozilla gets paid $500m a year by Google so that Google can be the default search engine on Firefox. They have the money that keeps them "incentivized" although they are FOSS and nonprofit. Or in other words, GitLab and GitHub FOSS devs do not have salaries like Mozilla people do; the only thing they get is an occasional donation.

Valid point.

One aspect of these forks that never gets mentioned:

It's great when a fork ensures that it is always taking security patches from upstream. But what about the code unique to the fork? Is that new code following the same security practices as the upstream project? Are enough eyeballs poking at it to get it the same security scrutiny as upstream?

Open source is not safe by default. Read this: https://lwn.net/Articles/846272/