• @OsrsNeedsF2P@lemmy.ml
    15
    11 months ago

    As someone interviewing for Canonical’s Security team (they make you do like 10 interviews, I’m like 5 deep over 3 weeks), I cannot imagine anyone security-minded writing that comment. It either:

    • Comes from higher up
    • Michal doesn’t think security is important
  • @PhysicsDad@lemmy.world
    26
    11 months ago

    Wasn’t Red Hat just complaining that Alma and Rocky didn’t add value because they weren’t submitting fixes upstream?

    • @pazukaza@lemmy.ml
      -12
      11 months ago

      — “we don’t like people ripping off our work without any added value”

      — “Here, let me push this to your staging environment, totally breaking your quality process”

      — “No”

      — “Well, what the hell do you want broo?”

      I don’t think they have ever hidden the fact this is about money. I don’t like the fact this is about money, but the fact that others were cloning and selling their efforts for a cheaper price is awful.

        • @pazukaza@lemmy.ml
          -3
          11 months ago

          1. They are not breaking any law. This is totally allowed. You can use FOSS to create a commercial product.

          2. They are major contributors to the Linux space. And they’ll keep contributing.

          3. It’s their effort, they created a business around it, and it cycles back to push Linux forward.

          4. This isn’t even going to affect average users. This is going to take money from companies that probably have the money to pay. For other companies, there are other distributions available.

            • @pazukaza@lemmy.ml
              -1
              11 months ago

              Well, the re-builders would be breaking the law now that the source code isn’t available for non-paying customers. They weren’t breaking the law before.

              So, do you expect every company to release the source code of their products just because they used a FOSS web framework or a FOSS programming language like Python? Or by the same logic, for companies to release the source code of their products if their developers use Linux on their development machines? Or if they use Linux to deploy their applications in the cloud? That’s such an unreasonable position.

                • @pazukaza@lemmy.ml
                  0
                  11 months ago

                  OK, so is Red Hat breaking any license? Do you really think a company like Red Hat would open itself to thousands of lawsuits like that? The CEO already explained that this is totally legal and covered by GPL. They are in fact distributing the source to the people receiving the product. This is exactly what GPL says. They are not forced to open the source code to people who aren’t getting the distributed software.

                  What is your complaint then? They are not breaking any law and they are following the GPL license.

                  I was using the web framework/language as examples because you said this wasn’t a matter of law but a matter of principle. So why does the principle apply to Red Hat but not the million other products that totally depend on FOSS at their core?

                  So many projects do in fact distribute the FOSS, but they use more permissive licenses like MIT, Apache or LGPL. BUT you’re saying the law is not relevant, what matters is the principle. So why doesn’t everyone release their code if they depend on FOSS in their core products? Because they aren’t breaking the Apache or MIT licenses? Well, that’s great! Red Hat isn’t breaking the GPL license either. Why must Red Hat follow whatever subjective principles you have?

                  — “hey there’s this company creating a commercial product around FOSS. They aren’t breaking any license.”

                  — “Nice, as long as the licenses aren’t compromised”

                  — “It’s Red Hat”

                  — “Those mofos! How dare they!”

    • @gomp@lemmy.ml
      11
      11 months ago

      It’s funny how podcasters and commenters seem to have taken Red Hat’s spin about “contributing value to the community” seriously, while to the rest of us the whole thing was obviously only about money (same as all the follow-ups from other parties… I would say “including Alma” but that would probably deserve its separate debate).

  • @cognitive@lemmy.ml
    62
    11 months ago

    Alma should use this as an advantage for them. Now market it as “Alma Linux is more secure than RHEL”.

  • @Secret300@lemmy.world
    34
    11 months ago

    Alright, at first I was like okay, Red Hat wants to make money to keep IBM happy. Now I just realize it’s not Red Hat anymore. Fuck that, I’m moving to SUSE.

      • @Tak@lemmy.ml
        29
        11 months ago

        Nobody has a problem with Red Hat keeping the lights on and people paid. IBM just wants to increase profit margins because capitalism is a flawed system about abusing whatever you can for personal gain.

    • Lilium
      7
      11 months ago

      Red Hat literally became the first ever billionaire FOSS company (iirc), their pre-selling out business model was working perfectly fine.

    • d-RLY?
      7
      11 months ago

      Truth! I wasn’t shocked that all the social media and entertainment companies all decided to treat the Covid years as if that growth was organic/normal (all retail stores started doing this much faster). As if people were just going to keep having the same amount of time to spend on them. Or in the case of sites like Reddit, they think that they are the creators of content instead of the location to get it. Companies like Red Hat are more jarring and seem like they would’ve been more realistic.

      The next two paragraphs are just a rant about companies and the government not really caring for stability long-run. Feel free to ignore.

      Of course people were going to start unsubbing now that they need to focus on actual things needed for just living. Covid has shown that all these greedy folks running (or holding shares) companies in all sectors refuse to just be focused on stability. They act like all the crazy large profits were all because of their “genius innovative ideas and leadership.” Of course that was going to happen to all the publicly traded companies, due to their literal legal obligation to always make numbers go up. But shit is beyond a bad way to handle the real material conditions of life. It also doesn’t help that the US did a worse job at doing things like monthly stimulus money compared to other places.

      A capitalist economy requires that people keep buying both needed and wanted things in order to keep things moving around. But instead of putting money into the hands of people, which would then likely buy more things or even have finally something to save for when things normalized (which would be helpful for making the falloff less dramatic). We barely got two total $2000 payments. Fuck, even just making sure folks could have money to finally get out of various debts would mean people could more easily justify keeping things like Netflix.

  • @andruid@lemmy.ml
    1
    11 months ago

    I mean obviously for the community this is bad, but I 100% get that doing anything for free is best effort. They don’t even need to have this policy 100% of the time to make large orgs using FOSS with no SLA for vulnerability patching sweat. Which frankly they should.

    For real, I’m gonna use this as a tactic to say “we shouldn’t rely on software without warranty and support, FOSS or proprietary.” Just to get money flowing to devs, because it’s for real reckless to contribute nothing to keeping pieces of your critical infra secure.

  • 𝘋𝘪𝘳𝘬
    2
    11 months ago

    “Your code has an issue, here is a fix for that issue ready to be used.”

    Corporate: no.