> I understand the reasons for auditors (having been involved in audit > compliance myself for a while). I wasn't talking about any "shortcomings" > in the software. As I understand it you are saying that if the message isn't documented and isn't understandable then you get to read the source to figure out what it means... to me (and I think to many other computer professionals and software users) that is a big shortcoming of the software (that it does not produce output that can be understood short of reading the internals that produced it).
> The fact is that source for nearly everything running on > any Linux system is available. Operations folks are going to be able to get > access to that source. Period. I guess that is going to come as a big surprise to all those companies that produce OCO products... which is every company I've worked for since 1992 (and each of those companies produces software that sells into systems that include open source components)... this includes the device drivers for Linux on 390s too, which from the traffic on this list are clearly a source of issues. > No auditor in the world is going to be able > to change that, so they might as well face up to it and deal with it. No auditor that I have ever known of would just accept it if it represents a risk that is unacceptable to the company... they will assign a cost to that risk and let management make the managerial decision as to if that cost/risk/benefit trade-off should be made or not. Indeed, one of the costs that they should be examining is what the operational costs are (e.g. if operations staff have to read 20-100K lines of source to understand a message, then they will need a new and more sophisticated background... and that means that they will not only have less time to do the other aspects of their job (because researching the meaning of a message now takes longer), but they will also be more expensive resources (and likely harder to fill positions... few who can understand raw C will want to work in operations I'd predict).... These all represent real risks to the business! > Keeping the source for applications, VM and MVS away from operations workers > was and still is feasible, but not for Linux and the Open Source products > that run there. But "Linux & the Open Source products that run there" are not the only source (sorry ;-) of the "cryptic message" (as well as the highly related "cryptic help system" ;-) problem... if you ment to restrict your original comment to just these system, then I'm sorry that I misread your posting (though I still don't agree with it ;-). Peace. -njg
