On Mon, 27 Jun 2005, Gordon, JC (John) wrote:
>Update on the information I mailed the other day :-
>
>It now looks like we will never get an open source licence for dCache.
>
> [...]
>
>The main requirement that is left unsatisfied is that of folk who wish
>to eyeball all code they run on their systems. I don't think this should
>be left to individual sysadmins.
It's not just the ability to review and audit the code, but the ability
to improve apon it where necessary (and make use of the improvements of
others). This can result in a substantial network effect.
We also gain the option of recompiling the tools (patching where
necessary) for alternative architectures ourselves (eg x86_64) without
depending on the original developers to support this option.
Plus, the fact that it is open-source is a useful safety feature --
open source software will always be available. We don't have to worry
that the license for free use of, say, dCache might be revoked or
otherwise constrained in some manner that would prevent its continued
use.
>All of our middleware should be subject to external security review,
>gLite: for example. I have no solution to this.
Deprecate the use of dCache? It seems like the only viable option.
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.
|