David, I am convinced of the merits of open source but also of the
rights of developers not to take that route.
My last paragraph had its meaning changed by a last-minute edit. When I
said I didn't have a solution, I meant to the use case of the sysadmin
who wants to eyeball everything. For the general case of scrutiny of
non-open software we do have an option which is for certification by some
trusted third party. Would GridPP sysadmins feel happier about software
which had been scrutinised and approved by someone they knew? Say Jens
or Andrew MacNab? I am trying to get EGEE to introduce some sort of
security review of middleware as part of EGEE2.
John
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of David McBride
> Sent: 27 June 2005 15:49
> To: [log in to unmask]
> Subject: Re: d-cache software license?
>
> On Mon, 27 Jun 2005, Gordon, JC (John) wrote:
>
> >
> >The main requirement that is left unsatisfied is that of folk who wish
> >to eyeball all code they run on their systems. I don't think this should
> >be left to individual sysadmins.
>
> It's not just the ability to review and audit the code, but the ability
> to improve upon it where necessary (and make use of the improvements of
> others). This can result in a substantial network effect.
>
> We also gain the option of recompiling the tools (patching where
> necessary) for alternative architectures ourselves (eg x86_64) without
> depending on the original developers to support this option.
>
> Plus, the fact that it is open-source is a useful safety feature --
> open source software will always be available. We don't have to worry
> that the license for free use of, say, dCache might be revoked or
> otherwise constrained in some manner that would prevent its continued
> use.
>
> >All of our middleware should be subject to external security review,
> >gLite: for example. I have no solution to this.
>
> Deprecate the use of dCache? It seems like the only viable option.
>
> Cheers,
> David
> --
> David McBride <[log in to unmask]>
> Department of Computing, Imperial College, London
>
> f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng.
>