On Wed, Jul 04, 2001 at 05:51:37PM +0800, Selena Sol wrote:
> >> Selena asked:
> >> What if there is a security hole in a CPAN module and the author is in
> >> the middle of final exams? What if you need to extend the module with
> >> customized features?
>
> > John replied:
> > Easy to do; you have the source. What's the problem?
>
> Hmmm, this is not what an enterprise client wants to hear. This clients
> wants to hear that she can call an expert at 2AM and have it fixed by 9. Not
> that she can find someone in her organization to figure it out eventually.
Can we *PLEASE* put this issue to rest?
Undeniable truth: there are companies that want problems fixed at 2am, want
someone to page, and want to stop hemorraging money at the rate of $1M/hour
and are quite willing to pay for that priviledge.
Undeniable truth: support contracts don't always provide that level of
support.
Undeniable truth: some would rather not spend the money and fix the problems
themselves, or pay on a per-incident basis to fix problems if/when they arise.
It's a **BIG** industry folks. We don't need just the one ring; we have
all three available. And, yes, all of those optoins are available to you
when you use Perl.
On a parting note, I'll remind everyone gathered here that CPAN modules
are open source and the author is not the sole support channel; citing
final exams and arrogant module authors is a straw-man argument.
Z.
