> [Note: I have no particular extra "inside" information about this topic
> - this is solely my opinion as a sysadmin, and I speak for no one but
> myself]
>
> In all honesty, if an entity makes an Operating System available for
> free, then security fixes should be provided as Good Citizenship.
> Naturally, I'm assuming that the entity has a development organization
> behind that OS, and that it is actively working on all sorts of patches,
> for both paying and non-paying customers. But to offer an insecure
> product (or one which rapidly becomes insecure, which, let's face it, is
> /all/ software) and fail to provide basic security patches is Bad Faith,
> in my opinion.

I agree with this completely. I had to stop and think about the rather ugly
retrograde hole in telnet that was shipping on the actual hard media for
Solaris 10 at some point. To not offer security patches, freely, is a major
weakness. However there must be a sustaining revenue base for engineers to
work.

> Preferentially, I think a reasonable thing for Oracle to do with Solaris
> is the following:
>
> (1) Quit giving away Solaris 10. Instead, provide several different
> Support Contract levels for Solaris 10, with a very basic one providing
> /solely/ security patches for some nominal fee (<$100/yr/server). Other
> gradations as desired, of course.

Here I agree. The Sparc systems can have an RTU on the hostid again. Just
like the old days. I have no idea how you would track x86 systems given that
the iso images are in the wild and you just can not stop people from passing
torrents.

> (2) Continue to do (most) development work out in the open in
> OpenSolaris, and provide FREE access to everything in the OpenSolaris
> repos. Use this as the "first-one's-free" hook to get people
> introduced to Solaris as an OS. And, of course, get all of us to do
> beta-testing for it. :-) Honestly, I think it's entirely reasonable
> for Oracle to declare that There Shall Be No Support Contract for
> OpenSolaris - it's a development platform, and I think efforts are
> better spent in moving along the development effort as a whole than
> having to dedicate some folks to support services.

I have a problem with software where there is no support contract of any
kind. There are too many IT environments that will simply not accept
software which does not have a paper trail and a support contract. That is
still firm policy in some places regardless of the noises made by the masses
with their hands out. We really do need to realize that this is 2010. Not
1994.
There are vast talented organizations that have a business objective to
crack and hack and attack networks and information access points. Internally
also. All operating systems today and forever in the future must give
serious thought to security and quality engineering. That can not be done
without an established revenue stream.

Simply put, any business-minded individual in a customer IT division would
(and should) look away from software which does not have a support contract.
The absence of that support and revenue stream is a clear indication of lack
of quality. Right or wrong, true or false, people make decisions on
purchases and IT policy with arguments like this. I am sure you have
experienced the "real world" and it is very far from the ivory tower. It is
simply full of politics, baseless opinion and fighting middle management
attempting to establish their own world view within some corporation
somewhere. It's amazing to me that some places (half of Fortune 100 and ALL
of government agencies) create a product or service and can function at all.

Sorry for the digression but the point I am trying to make is that software
without a support contract is simply unacceptable and the RFP gets pushed
onto the floor before you get past the table of contents. That is the "real
world". Want a good product with a future? Ensure it makes money as its
first feature and everything else is secondary.

--
Dennis Clarke
[email protected] <- Email related to the open source Solaris
[email protected] <- Email related to open source for Solaris
_______________________________________________
opensolaris-discuss mailing list
[email protected]
