At the risk of diverging this thread again...

I gave some more thought to Joebert's assertions. There are a couple
things to consider:

1) Compliance is not bling. For example, if you want to interconnect
with MasterCard's network, you NEED to be PCI-DSS compliant. This
compliance is audited by, say, SGS.

2) If you want to store financial data from US-domiciled entities, you
need to comply with Sarbanes-Oxley regulations. Again this is the law.

3) If you want to store health-care data, you need to comply with HIPAA.

Now I am not saying these things cannot be done with open-source. But
it's a lot harder. For example PCI-DSS requires role separation
between the data owner and the DBA. Can this be done with MySQL? I
think not. This is to say nothing of the root user! Also, data on the
disk and over the wire must be encrypted. True you can use SSL or an
encrypting file system for this, but it's not a "validated" solution.

Financial services and health care are big business. If you were a bank
with a large turnover, would you go with a Free solution, or one
backed by a billion-dollar company?

Another assertion I'll make (which may be controversial) is that in
the long run, Free solutions are not necessarily cheaper than Closed
ones. While it is true that the license cost is negligible, ongoing
support costs are comparable and may be more -- if for example you
cannot Go To Market in time because you're still DIY'ing your
solution.

Free solutions have their place -- if you have a crack tech team or
you're a startup. But most large companies don't have the luxury of
hiring the Joeberts and Foolers of this world -- they have to make do
with grunts and their personnel churn is high. In such a case, you
need to have a single neck to strangle, and that's the large Closed
Source vendor.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
