A Small Note on Comparisons in the `xz` Fiasco
The `xz` fiasco has made fascinating reading, and brought up some real questions about open source development and overall safety.
It’s also brought up some slightly malformed thoughts on ‘open source vs proprietary’.
If comparisons were to juxtapose operating system safety, then it seems misplaced, given that Windows, OSX, and Linux all use `xz`.
The choice of OS doesn’t seem to help here.
Or if the comparison were to juxtapose development methods, this seems to compare a known thing - how `xz` is developed - with an unknown thing - how Windows develops its tooling.
I can’t see what most of these comparisons really want to juxtapose. The various comments seem to leave this as an exercise to the reader.