Kostas Georgiou wrote:
> I *do* try to find holes at d-cache (or any other software) and if
> i find a security hole in a closed source software my only option
> is to disable it. On the other hand if it's open source i can try
> to fix the problem. Which software do you think is going to be better
> a few years down the line?
And furthermore, I think research projects which depend on particular
closed source software are built on sand: we have no way of tinkering
with the stuff to make it do what we want, and the whole point of
research is to do things that no one has thought of doing before, so
the "we could do X if Y had this little extra feature" comes up all
the time.
Take Objectivity vs Oracle vs MySQL as an example. Objectivity turned
into a dead end because it was a big ugly closed source solution that
we had no control over. Oracle is a similar sort of beast (although
better maintained because they're such a large operation of course)
but if we suddenly found we had to add some Grid stuff to an SQL
database (writing access policies in terms of Grid credentials for
instance) then we could use MySQL instead and hack our wish-list into
it and feed the changes back to them (that's what Yahoo do when they
use MySQL.)
It sounds like d-cache has become another bait-and-switch "oh well,
maybe we'll keep the source closed after all" game.
Cheers
Andrew
|