Secure Coding mailing list archives

Re: Fwd: I don't believe open source is always the answer


From: "George W. Capehart" <gwc () acm org>
Date: Fri, 12 Dec 2003 00:28:10 +0000

On Wednesday 10 December 2003 10:21 pm, Joe Teff wrote:

<snip>

> The idea of taking the source and making your own change is also
> unrealistic. Since this list is all about security, I know everyone
> here would agree that any such change would require a great deal of
> testing. You've then just made the solution your own product to
> support.

<wise-acre remark>
As opposed to blithely installing the latest patch from Microsoft as 
soon as it is available without taking it into the lab and seeing what 
it breaks first?
</wise-acre remark>

I have two thoughts:

(1) Don't see that this is all that different from supporting systems 
that were developed from scratch in-house or for a system for which the 
source was purchased with the intent of implementing internal 
modifications.

(2) Any organization that doesn't run *any* new version of software 
(whether it be open source, closed source or in-house developed) 
through a change control process and regression and stress testing 
before putting it into production deserves what it gets . . .

"But then, I could be wrong."  <Apologies to Dennis Miller>

/g
-- 
George Capehart

BOFH excuse #389:
/dev/clue was linked to /dev/null
