[Note: I have no particular extra "inside" information about this topic
- this is solely my opinion as a sysadmin, and I speak for no one but
myself]
In all honestly, if an entity makes an Operating System available for
free, then security fixes should be provided as Good Citizenship.
Naturally, I'm assuming that the entity has a development organization
behind that OS, and that it is actively working on all sorts of patches,
for both paying and non-paying customers. But to offer an insecure
product (or one which rapidly becomes insecure, which, let's face it, is
/all/ software) and fail to provide basic security patches is Bad Faith,
in my opinion.
Preferentially, I think a reasonable thing for Oracle to do with Solaris
is the following:
(1) Quit giving away Solaris 10. Instead, provide several different
Support Contract levels for Solaris 10, with a very basic one providing
/solely/ security patches for some nominal fee (<$100/yr/server). Other
gradiations as desired, of course.
(2) Continue to do (most) development work out in the open in
OpenSolaris, and provide FREE access to everything in the OpenSolaris
repos. Use this as the "first-one's-free" hook to get people
introduced to Solaris as an OS. And, of course, get all of us to do
beta-testing for it. :-) Honestly, I think it's entirely reasonable
for Oracle to declare that There Shall Be No Support Contract for
OpenSolaris - it's a development platform, and I think efforts are
better spent in moving along the development effort as a whole than
having to dedicate some folks to support services.
Who knows. It's a suggestion. We're still waiting for Oracle Mgmt to
really just (publicly) speak it's mind completely, then we can get down
to the business of changing it. :-)
--
Erik Trimble
Java System Support
Mailstop: usca22-123
Phone: x17195
Santa Clara, CA
_______________________________________________
opensolaris-discuss mailing list
[email protected]
