If you want to get closer to the people who can actually act on your proposal,
it should go to indiana-discuss, not opensolaris-help, which is a forum for
users to help their fellow users.
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
Nikola M. wrote:
> Title:
> Opensolaris releases unsecure by default, or:
> Why are Opensolaris stable 2009.06 users forced to pay for security updates?
>
> *Problem:
> Users installing 2009.06 Opensolaris release from free CD/ISO
> are under impression that they will recieve updates like on every other
> operating system.
> They are wrong.
> Sun is not giving security updates on Opensolars system
> (access to support repository that includes them)
> to anyone but those who payed Sun for support contract..
>
> Inprint on CD states: "LIVE CD. Keep your software current, register at
> www.opensolaris.com/register"
> Obviously even statement printed on CD is false, users will never be
> able to apply security fixes and update their 2009.06 without paying.
> (unless chasing Develpment release forever is considered staying current)
>
> *Result:
>
> Users that want secure boxes with Opensolaris have 3 possibilities:
>
> 1. To believe to Sun statement printed on CD that they are actually
> updated without
> access to support security packages and to stay on 2009.06 untill next
> release
> (therefore stay with unsecure opensolaris install whole year)
>
> 2. To update their fresh-installed 2009.06 to newest development
> release, (/dev
> repository) right after installing, So it denies actual meaning to even
> releasing
> 2009.06 when only development release could be used for free and patched.
> (therefore running unstable develpment opensolaris system)
>
> 3. To pay to Sun unwanted support contracts just to get security update
> packages.
> (Requires paying for something all other OS`es give for free, even
> commercial ones)
>
> So from my perspective, Sun is keeping secret this "unable to update
> without paying" thing.
>
> I believe that not allowing to new users of Opensolaris to update to
> secure state,
> conflicts with a motivation to give away free Cd`s in the first place.
>
> Also I think that new users should not be lied in the first misleading
> on-CD statement
> that they could keep their software current by simply registering.
>
> *Proposed solution:
>
> Stay on the right track with sincere efforts to allow widespread of
> Opensolaris platform. Allow users to actually use Opensolaris in secure way,
> by allowing access to All users to security repository that will bring
> security patched packages with no need for paying for security packages
> (As for release) and no need to
> sign and pay unwanted support contract.
>
> *If not done:
> If that is not done, Opensolaris free CD`s and Opensolaris ISO releases
> could be looked at
> as simply a way to sell support contracts and as media for Development
> release upgrade.
> And not as a stable solution for new users to migrate to.
> Also new adopters could be thinking that inability to stay secure
> renders conclusion of
> " do not use that". Not to mention repercussions of thinking that
> someone is being
> insincere to users.
> Opensolaris releases could be look at as not releases but as insecure
> development
> snapshots without security repository.
>
> *Proposed action:
> Release security repository (Publisher) for 2009.06 Opensolaris release
> that would include security-patched packages that are now only in
> `support` repository
> and do it so all people could actually use Opensolaris in secure way in
> production environments.
>
> *Benefits:
> By aligning Opensolaris released version security practices with all the
> rest of free Opensource
> released products, Opensolaris can count on widespread of use and wider
> application support.
> Users need stable platform with well-defined releases, even for personal
> use, onwards.
> People and companies would port their packages and use platform in their
> solutions
> IF they have stable and security-backed release.
> There will be more repositories targeting released Opensolaris version
> One thing that can not be done with always-chaising development release.
> Therefore, software porters could rely ons table platform.
> After growing application support user base will grow exponentionally.
>
> _______________________________________________
> opensolaris-help mailing list
> opensolaris-help at opensolaris.org
