On Apr 21, 2010, at 1:19 PM, Steve Wray wrote:
Spiro Harvey wrote:
On Wed, 21 Apr 2010 14:36:17 +1200
Steve Wray <steve.w...@cwa.co.nz> wrote:
I know that in certain jurisdictions, reaching out to someone
else's computer (ie not your property) and disabling functionality
on it could constitute a criminal act.
I sincerely hope that someone somewhere under such a jurisdiction
goes to the police and reports the Clamav developers for such an
offense.
Points to consider:
4. What did you pay for the software?
5. Where's your contract with them?
This is part of the attitude problem from many open source projects.
They are (too often) run by technicians and programmers with no
input from the business side.
What the Clamav team did, I can't believe it would have made it
through a business analyst and I can't believe that any executive
would have signed off on something like that after considering the
potential impact it could have on their clients.
Possibly true for a commercial company, but that would have been to
protect their revenue stream. In this case, ClamAV's revenue stream
was not affected, so needlessly spending money on alternate methods would
most likely have been prohibited by the same business analyst.
For the last 4 years or so I have had to shift my mindset from that
of pure sysadmin to taking business considerations into account; it's
very easy for someone who is absorbed with programming and
engineering to forget that IT is there to support business and that
business is not there to support IT.
This is something that I personally have struggled hard with, it can
be difficult for a 'geek' to move in that direction. But it's very
very important if OSS is to be taken seriously in the enterprise.
So many OSS projects do not view their users as clients or
customers; they view them either as experimental subjects or as
fellow experimenters. They only take the technical considerations
into account and largely ignore potential impact on business.
This is true both of the Clamav developers and of those people who
didn't take precautions against potential problems such as the
Clamav developers introduced. (And make no mistake; a problem was
*created* by the Clamav team, a problem that did not exist prior to
the changes they made).
I have been using Linux since 1991 and I have seen a lot of positive
change in that time. I have seen it go from crazy 'fringe' to being
widely accepted in the enterprise. But shenanigans like this can
risk all of that hard work.
This is why I raised the legal and ethical issue; because that is
what the business end should be considering and it's what the
technical end only rarely considers.
I understand that Clamav is free as in 'beer' and that there is no
legal contract with the Clamav team. However, Clamav has a parent
company, Sourcefire, which is listed on Nasdaq and is a 'proper'
corporation.
Yes, but still the same business analysts would not want to spend
money where it was not affecting a revenue stream.
I have written to them to find out what they think of this, if
anything at all...
Sourcefire actually have executives and a general counsel and I am
sure that they employ business analysts as well. I will be
interested to see if what the Clamav team did is condoned by the
parent company which clearly has some business acumen behind it.
Don't get distracted by issues such as "Oh those bad silly sysadmins
out there who messed up, it's really *their* fault not the fault of
the Clamav developers!" That is just *not* helpful. The damage is
already done; damage to people's systems and damage to the reputation
not only of Clamav but of OSS in general.
Jim