ZDNet UK: Without Peer [a look back at Red Hat's Piranha problem]
May 21, 2000, 16:05
(Other stories by Charles Babcock)
"The recent incident in which Red Hat included a default log-in for its Piranha clustering modules - raising security concerns about the product - illustrates the point. Lead developer Philip Copeland complained in an online diary that 'the Piranha package was literally nailed together a day before the CD had to be finalised, so there was less than 24 hours for other people to review the code.'
"Red Hat Linux 6.2 included parts that were rushed together at the last minute, something like a commercial product being stamped out on deadline. But Copeland's complaint contains the clue to the cure: 'other people to review the code.'
"In most open source projects, other people review a programmer's work and review it with a certain amount of glee. The code is banged on and tested in ways its author never intended, because programmers with experience drawn from different parts of the universe are preying on it, looking for holes."