Linus's Law

Linus's Law can refer to two different notions, both named after Linus Torvalds.

Linus's Law according to Eric S. Raymond

Linus's Law according to Eric S. Raymond states that "given enough eyeballs, all bugs are shallow". More formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." The rule was formulated and named by Eric S. Raymond in his essay "The Cathedral and the Bazaar".

Criticism

Some studies have contested Linus's Law. Software development experts Robert Glass, Michael Howard and David LeBlanc have stated that application of Linus's Law can lead to security and software maintenance problems^[1][2] citing the relatively small number of contributions made to open-source projects by "outside" people — that is, people not belonging to a small core group of developers. This is largely the result of the necessary investment developers must make in setting up a build environment and understanding a piece of code before they can effectively contribute to it. Some projects also distrust external contributions, fearing that they might create difficult-to-find bugs or security holes, and so these projects create an inconvenient review process which can hinder external development.

Microsoft, as part of their "Get the Facts" campaign to advertise Windows Server, published in 2007 a statement from "Apache Foundation director of security Ben Laurie" (in reality, the organization is called the Apache Software Foundation, and Laurie was chair of the security team - the foundation has no director of security) saying that “Although it’s still often used as an argument, it seems quite clear to me that the “many eyes” argument, when applied to security, is not true.”^[3]

Laurie clarified this statement on his blog,^[4] saying that what he meant was that simply having many people reading the code was not a guarantee of finding all flaws, not that the "many eyes" did not help to discover flaws. He also argued that open-source code is a better guarantee of security, since anyone is free to examine the code and look for flaws, contrasted with closed-source code, where one has to trust the vendor when they say that it is secure.

Raymond himself has criticised oversimplifications of this law.^[5]

Linus's Law according to Linus Torvalds

Linus Torvalds himself also describes a notion as Linus's Law in the prologue to the book The Hacker Ethic: "Linus's Law says that all of our motivations fall into three basic categories. More important, progress is about going through those very same things as 'phases' in a process of evolution, a matter of passing from one category to the next. The categories, in order, are 'survival', 'social life', and 'entertainment'."^[6] This idea is similar to that of Maslow's hierarchy of needs.

Other usages

Linus Torvalds wrote in a GNOME-related mailing list discussion, in a tongue-in-cheek fashion, that "Linus's Law (nr 76 of 271)" was "Don't claim to have a config option, if you don't actually have the UI to change it."^[7]

See also

• Peer review
• Adages named after people
• Collaborative software development model

References

<templatestyles src="Reflist/styles.css" />

1. Glass, Robert L. Facts and Fallacies of Software Engineering. ISBN 0321117425
2. Howard, Michael and LeBlanc, David. Writing Secure Code, Second Edition. ISBN 0735617228
3. http://www.microsoft.com/windowsserver/compare/compare_linux.mspx
4. Links » Bad Science at Microsoft

es:Ley de Linus it:Legge di Linus he:חוק לינוס hu:Linus törvénye nl:Wet van Linus pl:Prawo Linusa pt:Lei de Linus zh:林纳斯定律