I first encountered the notion of source-in-escrow in the 80's when negotiating purchase of a well known product. History sadly saw demise of the customer while the vendor still thrives. But I'm acutely curious: after all this discussion over the pros and cons of seeking an escrow clause, does anyone know of a case where one was actually executed? Has any customer in practice ever taken possession of escrowed source code? To what end? With what ultimate outcome?
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [email protected] From: John McKown <[email protected]> To: [email protected], Date: 05/09/2014 07:37 AM Subject: Re: Vendor Source Code Sent by: IBM Mainframe Discussion List <[email protected]> On Fri, May 9, 2014 at 7:54 AM, Bob Shannon <[email protected]>wrote: > > For smaller ISVs, I wonder if it would be helpful to integrate something > like "git" or "subversion" into their processing, with a secure (are there > any?) "off site" backup master. > > Why do you think this is an original idea? All ISVs deal with source code > management. Some use open source solutions; some use RYO methods. Most, if > not all, escrow the source on release boundaries. Our CVS repositories are > replicated to three different locations daily. I'm sure we're not unique. > I didn't mean for it to come across as being an original thought (there is nothing new under the Sun). It was just to toss out an idea which I hadn't seen discussed on this thread before. Kind of along with the idea of the software escrow and how some said that the software in escrow becomes out of date, sometimes quite quickly. So perhaps a "software escrow" company could be the host for the off site repository & backup system. This should keep the software in the escrow account up to date. And, with an SCM, make it possible for a company or client (if the vendor goes out of business) to get a specific level of the software. This would be much easier if the build process included the SCM "level" (git commit or "whatever" for other SCMs - I think subversion has some "special indicator" which is replaced on checkout by the "level") was used to generate the executable. It would also be helpful if the build process itself created some sort of "object" (don't know what) which detailed how the build was actually done (make file, scripts, JCL, other). And this may be what your company, and others, are already doing. I'm am not all that knowledgeable about such, unless they are brought up here. > > Bob Shannon > Rocket Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
