Hacker News

I see that as a sort of capitulation. What is actually needed is manufacturers who remain responsible and responsive when it comes to the quality of their drivers. They need to support them much longer than they currently do, and they need to release security fixes promptly.

I think having a sandboxed driver model is a great idea in general, but this will only encourage hardware manufacturers to care even less about supporting their drivers beyond the initial more-or-less-working release.



> What is actually needed is manufacturers who remain responsible and responsive when it comes to the quality of their drivers. They need to support them much longer than they currently do, and they need to release security fixes promptly.

That requires a level of investment in engineering competence that they aren’t doing because there is little incentive.

How would you suggest changing that?


When the support ends, drivers must be open-sourced.


That’s just a wish.

How do you create the incentive for it?


I think that just must be a law. I see no other possibility.


How would the law define ‘support ends’?

Also seizing source code at gunpoint seems antithetical to the notion of free software.


This is the question of security, see https://news.ycombinator.com/item?id=27387169.

> How would the law define ‘support ends’?

Whenever the company refuses to fix security bugs.


What if they don’t refuse - but are just slow or inefficient or produce bad fixes?


There exist more or less standard times for fixing security bugs. Let's say 90 days. If a company cannot provide security for their customers in a reasonable time, they must be held accountable.


Sure - typically the remedy for negligence would be compensation for the impact.

Seizing property at gunpoint doesn’t seem related to this.



