Secure Coding mailing list archives

Re: Fwd: I don't believe open source is always the answer


From: Martin Stricker <shugal () gmx de>
Date: Fri, 12 Dec 2003 02:14:35 +0000

Joe Teff wrote:

> Although I'm an avid fan of open source, I have a huge problem with
> that model when it comes to enterprise solutions.
>
> The argument that bugs are researched and fixed quicker for open
> source is not completely true. They definitely are if one of the
> contributors is interested in that specific area. However, there is
> nothing compelling anyone to fix a specific issue. If it is fixed,
> the fix occurs in one of the builds. There is no back patching of
> supported versions. In order to get a fix as soon as possible, you
> also have to take many other changes that may or may not be complete,
> safe or tested. Waiting for a milestone build that is fairly stable
> and has sufficient use to shake out most of the bugs does not occur
> any more often than commercial releases from a vendor.

That's where enterprise support companies come into the game. Look, for
instance, at Red Hat. When you buy their Red Hat Enterprise Linux, you
also buy a service contract, which guarantees you QAed backports of
security fixes for quite a long time (I think 4 or 5 years). Of course
such service is not without cost. But then, since it is (mostly) Open
Source, you can even grab the source for free and build it yourself.

Or look at Debian - they don't sell their service, but there they always
have a Stable branch where they backport important patches to. Of
course, because Debian is a volunteer effort, the lifetime of their
products is not as long as from Red Hat.

You can provide enterprise-level support for Open Source software. And
for the enterprise Open Source is even better than closed source: If the
maintainer decides to drop support for your software or your preferred
version, you have the possibility to continue support yourself, or you
can pay someone to do it, or you can start a business offering this
support. All this is *impossible* with closed source. This is why
companies must migrate away from WinNT server, but may be able to stay
with Red Hat Linux 7.3 even though Red Hat will stop support for 7.3 at
the end of 2003 - there is a volunteer project, and Progeny (owned by
Novell) will also offer longer support; both will do this with
backporting.

> The idea of taking the source and making your own change is also
> unrealistic. Since this list is all about security, I know everyone
> here would agree that any such change would require a great deal of
> testing. You've then just made the solution your own product to
> support.

Which sometimes does happen (see the GNU Emacs/XEmacs fork). With Open
Source you have the possibility to get extended support after the
maintainer drops it. Whether you'll get it is another question, of course...
But with closed source there is *no way* you'll get support after the
owner drops it! The way Open Source works is rather new to the
enterprise world, so companies which offer support for this software are
not yet frequent, but they do exist. And this might very well be a great
business idea...

Best regards,
Martin Stricker
-- 
Homepage: http://www.martin-stricker.de/
Linux Migration Project: http://www.linux-migration.org/
Red Hat Linux 9 for low memory: http://www.rule-project.org/
Registered Linux user #210635: http://counter.li.org/
