Alan Coopersmith wrote:
> If you want to get closer to the people who can actually act on your proposal,
> it should go to indiana-discuss, not opensolaris-help, which is a forum for
> users to help their fellow users.
>
> -Alan Coopersmith- [email protected]
> Sun Microsystems, Inc. - X Window System Engineering
>
>
> Nikola M. wrote:
>
>> Title:
>> Opensolaris releases unsecure by default, or:
>> Why are Opensolaris stable 2009.06 users forced to pay for security updates?
>> Ok, here is the proposal. Do you think security repository should be made
>> available at the same way as releases are? Comments?
>>
>> *Problem:
>> Users installing 2009.06 Opensolaris release from free CD/ISO
>> are under impression that they will receive updates like on every other
>> operating system.
>> They are wrong.
>> Sun is not giving security updates on Opensolaris system
>> (access to support repository that includes them)
>> to anyone but those who paid Sun for support contract..
>>
>> Imprint on CD states: "LIVE CD. Keep your software current, register at
>> www.opensolaris.com/register"
>> Obviously even statement printed on CD is false, users will never be
>> able to apply security fixes and update their 2009.06 without paying.
>> (unless chasing Development release forever is considered staying current)
>>
>> *Result:
>>
>> Users that want secure boxes with Opensolaris have 3 possibilities:
>>
>> 1. To believe to Sun statement printed on CD that they are actually
>> updated without access to support security packages and to stay on
>> 2009.06 until next release
>> (therefore stay with unsecure opensolaris install whole year)
>>
>> 2. To update their fresh-installed 2009.06 to newest development
>> release, (/dev repository) right after installing, So it denies actual
>> meaning to even releasing 2009.06 when only development release could be
>> used for free and patched.
>> (therefore running unstable development opensolaris system)
>>
>> 3. To pay to Sun unwanted support contracts just to get security update
>> packages.
>> (Requires paying for something all other OSes give for free, even
>> commercial ones)
>>
>> So from my perspective, Sun is keeping secret this "unable to update
>> without paying" thing.
>>
>> I believe that not allowing to new users of Opensolaris to update to
>> secure state, conflicts with a motivation to give away free CDs in the
>> first place.
>>
>> Also I think that new users should not be lied in the first misleading
>> on-CD statement that they could keep their software current by simply
>> registering.
>>
>> *Proposed solution:
>>
>> Stay on the right track with sincere efforts to allow widespread of
>> Opensolaris platform. Allow users to actually use Opensolaris in secure way,
>> by allowing access to All users to security repository that will bring
>> security patched packages with no need for paying for security packages
>> (As for release) and no need to
>> sign and pay unwanted support contract.
>>
>> *If not done:
>> If that is not done, Opensolaris free CDs and Opensolaris ISO releases
>> could be looked at as simply a way to sell support contracts and as media
>> for Development release upgrade.
>> And not as a stable solution for new users to migrate to.
>> Also new adopters could be thinking that inability to stay secure
>> renders conclusion of " do not use that". Not to mention repercussions of
>> thinking that someone is being insincere to users.
>> Opensolaris releases could be look at as not releases but as insecure
>> development snapshots without security repository.
>>
>> *Proposed action:
>> Release security repository (Publisher) for 2009.06 Opensolaris release
>> that would include security-patched packages that are now only in
>> `support` repository
>> and do it so all people could actually use Opensolaris in secure way in
>> production environments.
>>
>> *Benefits:
>> By aligning Opensolaris released version security practices with all the
>> rest of free Opensource released products, Opensolaris can count on
>> widespread of use and wider application support.
>> Users need stable platform with well-defined releases, even for personal
>> use, onwards.
>> People and companies would port their packages and use platform in their
>> solutions IF they have stable and security-backed release.
>> There will be more repositories targeting released Opensolaris version
>> One thing that can not be done with always-chasing development release.
>> Therefore, software porters could rely on stable platform.
>> After growing application support user base will grow exponentially.
>>
>> _______________________________________________
>> opensolaris-help mailing list
>> [email protected]
>>
> _______________________________________________
> opensolaris-help mailing list
> [email protected]
>
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
