Differences

This shows you the differences between two versions of the page.

en:project:update_philosophy [2024/04/05 00:17]
throgh
en:project:update_philosophy [2024/08/09 01:47] (current)
throgh [Conclusion]
Line 23: Line 23:
 It seems that as part of the effort to gain these permissions, Jia Tan used an interesting form of social engineering: From the current perspective and status of the on-going analysis that person or even more actors used fake accounts to send myriad feature requests and complaints about problems to pressure the original maintainer, eventually causing the need to add another maintainer to the repository. It seems that as part of the effort to gain these permissions, Jia Tan used an interesting form of social engineering: From the current perspective and status of the on-going analysis that person or even more actors used fake accounts to send myriad feature requests and complaints about problems to pressure the original maintainer, eventually causing the need to add another maintainer to the repository.
  
-After contributing to the code for approximately two years, in 2023 Jia Tan introduced a few changes to XZ that were included as part of release 5.6.0 and also 5.6.1. Among these changes was a sophisticated backdoor to get full control over running SSH daemons. As the before mentioned actors also reported further towards different systems to enforce them to do upgrades for the released versions including the backdoor.+After contributing to the code for approximately two years, in 2023 Jia Tan introduced a few changes to XZ that were included as part of release 5.6.0 and also 5.6.1. Among these changes was a sophisticated backdoor to get full control over running SSH daemons. As the before mentioned actors also reported further towards different systems to enforce them to do upgrades for the released versions including the backdoor, more known good intended mechanisms were used damaging the essential trust.
  
-As Hyperbola is not following those approaches and also rejects most time to do newest upgrades there was no risk but nevertheless the dangers within those described approaches show how much pressure is upon free, libre software in the current times. Besides the most important part of free software was now attacked, the level of trust within people using their own time to develop software with good intentions, this also shows how much political this attack is.+As Hyperbola is not following those approaches and also rejects most time to do newest upgrades there was no risk at that point but nevertheless the dangers within those described approaches show how much pressure is upon free, libre software in the current times. Besides the most important part of free software was now attacked, the level of trust within people using their own time to develop software with good intentions, this also shows how much political this attack is.
  
 ===== Example #2: Using GCC-8 for HyperbolaBSD ===== ===== Example #2: Using GCC-8 for HyperbolaBSD =====
 +
 +We have mentioned before that we follow the approach to optimize our packages with every new released version and this includes also our implemented compilers and environments for programming. For **HyperbolaBSD** we surely want to use newer standards alike [[https://en.wikipedia.org/wiki/C17_(C_standard_revision)|C17 (gnu17)]].
 +
 +The reasoning is the same as mentioned before: Minimalism but also the focus on clear and clean code. When a software is running likewise fine with the used environment, foremost free from errors, it is also quite more easy to focus on later updates, including enumerating and evaluating possible problems. Following only the paradigm to "upgrade fast and without compromises" this ends always in unseen spots, which later surely get hold in severe errors and bugs.
 +
 +Our pre-alpha nevertheless will follow first the approach to use GCC-4 with [[https://en.wikipedia.org/wiki/C99|C99]] as base. Therefore you can also see the progression within as said the following up development for further releases will conclude as said in usage of GCC-8 and the migration of the working code-base established throughout C99 first.
 +===== Conclusion =====
 +
 +Withing this article we have explained more in detail why Hyperbola as system-project do not want to follow the principle for inclusion "always the newest releases". Besides this is also no promise for more security ([[https://wiki.hyperbola.info/doku.php?id=en:project:update_philosophy#example_1issues_for_liblzma|Example #1]]) we can also conclude that this would risk the stability of our system and further development: Knowing the dependencies, understanding the system and working out a good, secure development. The lesser, the better and cleaner!
 +
 +We have no interest to provide the newest releases of software-projects as we have our own vision how the system should work for the users. And providing always the newest versions can be also not the best ideas when it comes to stability and security. Yes, this maybe not the most convinient perspective especially towards webbrowsers. But please have in mind that first and foremost free, libre software is executed local on the computer and not in some webbrowser. If this is your idea doing so, Hyperbola is not the system to be installed for your usecases.
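Review bot: the tail appended to the 5.6.0/5.6.1 paragraph ("As the before mentioned actors also reported further towards different systems to enforce them to do upgrades for the released versions including the backdoor, more known good intended mechanisms were used damaging the essential trust.") still does not parse as a sentence; suggest splitting it, e.g. "The actors behind the fake accounts also pushed other distributions to upgrade to the backdoored releases. In doing so they turned well-intentioned mechanisms (bug reports, feature requests, upgrade requests) against the project, damaging the essential trust." In the same paragraph the release year ("in 2023 Jia Tan introduced a few changes to XZ that were included as part of release 5.6.0 and also 5.6.1") should be checked against the upstream release history before publishing; this revision is dated 2024/04/05 and describes the analysis as on-going. In the following paragraph the added "at that point" is a useful qualifier, but "there was no risk" is only verifiable if the liblzma version Hyperbola actually ships is named; consider adding it. In the new Example #2 text, "Therefore you can also see the progression within as said the following up development for further releases will conclude as said in usage of GCC-8" repeats "as said" and never states why the pre-alpha starts on GCC-4/C99 instead of GCC-8/C17; one line of reasoning would make the migration plan clearer. The "===== Conclusion =====" heading lacks the blank line that precedes the Example #2 heading. Spelling and grammar in the Conclusion: "Withing" should be "Within", "Hyperbola as system-project do not want" should be "does not want", "convinient" should be "convenient", "executed local" should be "executed locally", "webbrowsers" should be "web browsers", "usecases" should be "use cases". The Example #1 cross-reference is an absolute wiki URL; the DokuWiki internal form [[en:project:update_philosophy#example_1issues_for_liblzma|Example #1]] survives a host or base-path change. Finally, the Conclusion argues that staying on older releases avoided the liblzma backdoor, but says nothing about the opposite case, a pinned older release with a published security fix; a sentence on how such fixes are tracked and backported under this policy would close that gap in the argument.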