Please remove me from your mailing list. Thank You. -----Original Message----- From: Post, Mark K [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 9:15 AM To: [EMAIL PROTECTED] Subject: Re: Messages Manual
Nick, I understand the reasons for auditors (having been involved in audit compliance myself for a while). I wasn't talking about any "shortcomings" in the software. The fact is that source for nearly everything running on any Linux system is available. Operations folks are going to be able to get access to that source. Period. No auditor in the world is going to be able to change that, so they might as well face up to it and deal with it. Keeping the source for applications, VM and MVS away from operations workers was and still is feasible, but not for Linux and the Open Source products that run there. Mark Post -----Original Message----- From: Nick Gimbrone [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 10:52 AM To: [EMAIL PROTECTED] Subject: Re: Messages Manual > That's going to be pretty tough to do for Linux/390 shops, unless they're > allowed to maim their operators by blinding them. :) Not something I would > recommend, in any case. I think auditors are going to have to change their > mindset a little in this area. Auditors exist for business reasons. Support computer systems exist for business reasons too. I think it is a little backwards to assume that shortcomings in software that might cause it to not meet some of the business needs mean that the auditors should abandon their goal of making sure that these systems meet the business needs... It is (for some businesses) the "right" thing for operations and development to be segregated to the extent that operations has zero access to the code. Just because some software does not make this easy does not mean that the goal should be abandoned. -snip-
