Thread: Finally got 1
08-21-2020, 08:38 AM   #31
NullNix
Quote:
Originally Posted by rcentros
The repositories for Linux Mint (one example, what I use) are way out of date.
... though frankly except for Python 3 support and fixed-up news recipes (which are wonderful!), even Calibre 2 still worked perfectly well for me. I don't understand why Kovid thinks his software in particular is so special that it is a massive sin if people want to keep it stable and unchanging for a couple of years (as you would if, y'know, you're using it for critical workflows like keeping your library going). The only other person I know of with this attitude is Jamie Zawinski with XScreenSaver (and at least that is software that can have serious security implications and Jamie is a semi-legend who is *very* good at working them out, so his attitude is almost justifiable).

If every author had this attitude, you'd have to maintain literally *thousands* of packages yourself, and you'd have no time left to do anything else and your system would probably not work very well. Why is Calibre more special than everything else on your system? e.g. LibreOffice is vastly more complex but you don't see the LO maintainers saying "don't use the distro LO it's always broken use our stuff from upstream".

(I further note that the one time there was a serious security hole in Calibre, a very long time ago now, the distros reported it, and Kovid reacted commendably fast and... kicked up a huge fight over it and generally acted exactly like you'd hope the author of software recently discovered to have rootable security holes wouldn't. I literally know people who have used that bug thread as an example in security training.

A few days after it hit the news and sprayed terrible everywhere, Kovid did remove the frankly entirely unnecessary code that had the trivial root hole in the first place, but only after implementing five or six completely hopeless "fixes" that wouldn't come close to fixing the problem. After that, I don't really trust Kovid's security posture, which is a bit worrying given that this software pulls stuff off random Internet sites. I would say that if you want a secure system, and you don't need new features in newer Calibres, don't use Kovid's Calibre. Use your distro's. This is a good general rule: the distro is more likely to be secure and well-integrated than random upstreams are. That is, after all, the distro's job.)

(disclaimer: I work for a distro vendor, though not on the distro. Oh and note that the thank-god-not-security-critical software I'm a maintainer for, I'm quite happy to have people use literally years'-old versions of, versions randomly hacked by distros etc. Maintainers cannot and should not attempt to dictate what versions of their software people should use, let alone badmouth people distributing it for free.)