Secure Coding mailing list archives

Fwd: I don't believe open source is always the answer


From: "Joe Teff" <joe () joeteff com>
Date: Thu, 11 Dec 2003 12:15:31 +0000

Although I'm an avid fan of open source, I have a huge problem with that 
model when it comes to enterprise solutions.

The argument that bugs are researched and fixed quicker for open source 
is not completely true. They definitely are if one of the contributors is
interested in that specific area. However, there is nothing compelling 
anyone to fix a specific issue. If it is fixed, the fix occurs in one of 
the builds. There is no back patching of supported versions. In order to 
get a fix as soon as possible, you also have to take many other changes 
that may or may not be complete, safe or tested. Waiting for a milestone 
build that is fairly stable and has sufficient use to shake out most of 
the bugs does not occur any more often than commercial releases from a 
vendor.

The idea of taking the source and making your own change is also 
unrealistic. Since this list is all about security, I know everyone here 
would agree that any such change would require a great deal of testing. 
You've then just made the solution your own product to support.

joe teff

-----Original Message-----
From: Stephen Galliver <[EMAIL PROTECTED]>

I wonder if these issues point to the ultimate advantage of the open
source paradigm: that software is released when it is ready, not
rushed out the door to corner market share.







