Hi folks,
thank you for continuing this thread.
I am indeed a person on my own, and not any duplicate account.
My original interest in q4os was based on its low resource requirements while still having a solid Debian base.
I am working at school and we thought about re-using our old notebooks by installing a very lightweight yet stable OS for our students.
We cannot do this blindly without generating trust in the team distributing the OS due to legal rules.
I appreciate that you still follow up on the questions from this thread and put the answers in a central place.
But since it will take time, we will stay away from q4os for now.
Next year, we will re-evaluate our decision and it would be great to see a more mature q4os then.
Offline
I am working at school and we thought about re-using our old notebooks by installing a very lightweight yet stable OS for our students. We cannot do this blindly without generating trust in the team distributing the OS due to legal rules.
You are welcome to contact us directly via e-mail: https://www.q4os.org/contact.html. It would be a better way indeed.
Offline
As an aside, to the Q4OS team, you should sticky the "Q4OS source code" thread so that it's always visible.
Methinks -- as noted by crosscourt -- that could be the embryo of a developer oriented FAQ section, too...
Last edited by Midas (2022-11-08 12:08)
Offline
3a) Does anyone unaffiliated with your company review Q4OS' source code?
We cannot state any verifiable unaffiliated party that does a review of Q4OS' source code.
Read more .. https://www.q4os.org/forum/viewtopic.ph … 719#p23719
Offline
3b) Do they sign off on changes made to it?
We don't have such information as we have already answered here https://www.q4os.org/forum/viewtopic.ph … 719#p23719
Offline
Indeed Midas, that's what I was hoping for, an FAQ area plus additional developer info on the main page of the site. Any additional questions can then be handled in the forum or thru a direct developer link/email.
Q4OS Aquarius 5.x KDE HP Elitedesk 705 G4 Mini - Ryzen 5 2400g, 16gb ddr4, 1tb m.2 nvme ssd
Offline
4a) Who would be held accountable if any vulnerable or malicious code were to be discovered after it was merged and pushed out to users?
The same way as for any other software publisher or Linux distribution, we assume the person or organization who would release malicious code deliberately would be held accountable. We consider this question pointless in the given context.
From our internal point of view, the project leader is responsible for binary packages. He merges the code from core developers and other sources, compiles it, and loads packages into the public repositories.
Offline
4b) How would they be held accountable?
As we are a small team, we can afford simple internal development rules and relations, as was partially mentioned in the previous posts. If it was gross negligence or even intent, we really wouldn't collaborate with such a person anymore. Of course, it could be a matter for court as well. Just another pointless question.
Offline
4c) On what timescale would such a vulnerability be revealed to users?
As soon as a fix would be released.
Offline
4d) How would it be revealed?
Via forum, Twitter and other possible public channels.
Offline
4e) On what timescale could users expect such a vulnerability to be patched?
It depends on the complexity of the fix. As soon as possible, ideally immediately, of course. We are not able to answer this question more specifically.
Offline
4f) How can users seek assistance and/or redress in such a contingency?
We provide non-commercial support via the public forum or e-mail. The same way as for other Linux distributions and in accordance with the licenses used, the free software packages are provided gratis, with no warranty.
Support, responsibility and warranty for commercial projects are arranged by agreement on an individual basis.
Offline
All the questions 4a) - 4f) would rather be relevant to the major software companies such as Microsoft, Apple, Google and others with significant financial gains.
@user could try to put these questions to them and share the results here. It could be quite interesting, but we really doubt they would make an effort to answer conscientiously.
Offline
6a) Have any steps been taken to get http://www(dot)q4os(dot)de/ and http://www(dot)q4os(dot)net/ unlisted from DistroWatch?
No, we don't control DistroWatch entries. We inform them about significant Q4OS releases.
Offline
6b) Why are https://www(dot)q4os(dot)org/downloads1(dot)html, https://www(dot)q4os(dot)org/downloads3(dot)html, https://www(dot)q4os(dot)org/documents(dot)html and https://www(dot)q4os(dot)org/shop/ copyright 2022; but is https://www(dot)q4os(dot)org/contact(dot)html copyright 2017; are https://www(dot)q4os(dot)org/index(dot)html and https://www(dot)q4os(dot)org/developer(dot)html copyright 2020; and are https://www(dot)q4os(dot)org/blog(dot)html and https://www(dot)q4os(dot)org/downloads3(dot)html copyright 2021?
They are just outdated entries, they will be fixed.
Offline
6c) If you let your webdomains and copyright notices expire without taking steps to remedy this, what prevents that same thing happening with signing keys, security certificates, etc.?
The copyright notices have not expired, as mentioned in the previous answer. Our webdomains haven't expired, that's just not true. There is no reason for us to let our signing keys and certificates expire. What should prevent any other entities, or companies, from letting keys and certificates expire? This question seems meaningless to us.
Offline
7a) Why does your webshop sell $1000 gift cards? (Please tell me that isn't for commercial support.)
The Q4OS webshop is based on the OpenCart open source project. The gift cards option has been adopted from the default OpenCart configuration. A buyer can choose any gift voucher price beginning from $1. This option hasn't yet been intended for commercial support, it's just the default OpenCart configuration. The option is quite hidden, and no one has ever made use of it. We may check and possibly update it in the future to be more usable according to the focus of Q4OS.
Offline
7b) Assuming their inclusion is unintentional, what guarantee can you give users that similar oversights are not present in Q4OS itself?
We don't consider the gift cards option in the webshop an oversight. It's just a default OpenCart option. If a buyer wants to use it, he needs to explicitly select the gift card item and enter a price at his will. He doesn't have to, indeed. The webshop doesn't force buyers to use the gift card, we don't consider that a bug.
We consider your question misleading, it obscurely foists an idea of oversights in Q4OS. Anyway, no project, not even commercial ones, can guarantee a bug-free system without possible oversights. But we are trying to be as careful as possible to avoid oversights.
Offline
@user is now gone. His questions are clearly important to him. From that point of view I think he put his questions politely.
From the point of view of a developer/packager/distributor of FOSS software, committing considerable personal time & resources to provide this FREE service, with No Obligation or strings attached, to anyone who might care to make use of it, I would (personally) find the questions irritating. I would not want to defend my voluntary work against someone demanding answers to their questions as if they are entitled to anything more than the free use of that effort.
I applaud all of those individuals who do so much voluntarily and almost always thanklessly. They need encouragement, not demands.
Guarantees? Peer-review? For obvious commercial reasons, the competition does not peer-review proprietary software. As for guarantees, perhaps you get them, but if so, only if you paid for them. Read your proprietary software EULA carefully; you often purchase the “use” of proprietary software rather than own it. I like q4os, and I use it knowing there *might* be risks. My choice. They owe me nothing; I’m indebted to *them*.
Offline
I like q4os, and I use it knowing there *might* be risks...
We believe that the risks associated with using Q4OS are the same as with using a regular Linux distribution.
What risks do you mean, would you please specify? It's important for us to know. We would also be able to respond somehow.
Offline
I think he put his questions politely.
We don't think @user was quite polite. The pure questions themselves are correct, but the tone and his remarks look to be intended to bring down Q4OS' reputation. Why did he start to talk about censorship, for example?
Offline
PacificSpray wrote: I like q4os, and I use it knowing there *might* be risks...
We believe that the risks associated with using Q4OS are the same as with using a regular Linux distribution.
What risks do you mean, would you please specify? It's important for us to know. We would also be able to respond somehow.
I agree, and I didn’t mean to imply anything but exactly that.
I have used several Linux distributions and feel the same about all of them.
Whatever the risks, real or imagined, it is my choice, and I am grateful to have the opportunity to make that choice.
Offline
PacificSpray wrote: I think he put his questions politely.
We don't think @user was quite polite. The pure questions themselves are correct, but the tone and his remarks look to be intended to bring down Q4OS' reputation. Why did he start to talk about censorship, for example?
Good point; the narrative did become rather strident & strange, by which I personally would have been irritated. But I wasn’t referring to the content of his complaint, but the tone, which I thought was mild. Perhaps I’ve been reading too many complaints on the Internet….
Offline