A step in the wrong direction, in an ocean of steps in the right direction (try 3)

Sun Jan 25 03:14:04 CST 2009

Hi wine team,

First let me thank you for providing wine software witch I see as a
strong asset in the expansion of free software and as a useful tool
for people (like me) already using free software wherever possible. At
this point, Wine is at a very good level both in API coverage, quality
(less and less hack, more and more nice and clean solutions) and
efficiency. Reaching that level required a tremendous work in all
kinds of domains (implementation, coordination, patch value judgment,
test suite...). In this regard I want to thank you again and
congratulate you all guys, what you have done so far is quite an
achievement.

This week however I was quite puzzled by one commit : "kernel32: Make
GetOverlappedResult crash on NULL args as native does."(1)

As I'm following wine only for a short time (count in months, not in
years) I guess reproducing windows unfixed defects is a choice
(although I am not sure this decision comes from consensus or from a
boss statement) made by wine team.

Thinking about it I see only one argument justifying it's the good
direction : for the sake or portability from wine to windows
platforms. For example, a firm using wine on a free-OS platform, for
software development with a Windows target platform.

Relying on this assertion (which someone may demonstrate me to be
false, secondary or incomplete), I'm afraid that wine take a step in
the wrong direction from what seems to me the third major reason to
switch from non-free OS platform (typically Windows) from free-OS
platform. Those 3 main reasons are for me :

1 - Freedom (possibility to browse sources, self-compile from sources
and even modifying them)

2 - Free from charge

3 - Communicating openly about known defects in software, fixing
defects without respects for commercial stakes (ex: hide bug until the
xxth release, or not fixing a known bug until it is publicly
discovered)

To summarize, I'm stating that removing the clean and safe way to
handle NULL parameters in this function to fall back to bad and dirty
crash, exposing security issue for user (a software can be created
specifically by a ill-intentioned one to exploit this defect), all for
the sake of being as bad as Windows is, is a step in the wrong
direction.

I feel sad enough about it, and I think it can prevent advertised
people to use it but above all to recommends Windows user to go for
free-OS platform with usage of wine for their needs not covered by
free-software (like proprietary format).

Nevertheless, just as I said, I'm still very enthusiast about wine and
still think it's great and very useful. I will continue to use it,
promote its usage when suitable, and also warn about its known defects
people around me.

Guillaume

(1) for reference : 32cc4011ee04046d41a41549d5a6a6233647f756 from 22/01/2009

PS : I am fully aware that free software have defects too, some of
them being security issue. I am also aware, that in a software as huge
as wine, reaching even a medium security level is a real strong
challenge, increased by the defects in Windows API design. I am also
fully aware that security is a process, not a product.