> Giovanni asked: >Anyway, does anyone see any problem with the community following >Oracle/Sun's security alerts, going through the code to look for related >commits and providing updated packages for free ?
No...I don't see any MAJOR problems. Some of that is done today elsewhere as well as through /contrib. Again, a lot of that support is with FOSS/GPL-based software. The main issue is people having the time to commit to the R/D effort from either a business model (i.e. where it makes sense) or academia. The kernel drivers and other core environment parts may require a bit of feedback and support from Oracle. Otherwise, you'll end up creating a forked version of certain code snippets. Much of the security code fixes seem easy to fix from the community level - but some of the device drivers may take more resources and commitment. Actually, Sun had something like this support in place for a long time. Some people can take over various levels of support. Still people do like to get something in return - if even free movie tickets. So, the community software and hardware developers/engineers can definitely 'take over' maintaining the security patches submitted by Oracle as well as other things. >the greatest obstacle to that is the lack of information and >Oracle/Sun keeping the community at distance. It makes sense since >Oracle/Sun view OpenSolaris just as a highly controlled testing platform for >what will become Solaris. It's just too sad they aren't ready to reap the >benefits of true open source development and let OpenSolaris be a platform >for bleeding edge innovation from where they take the ideas that prove to be >good for their commercial offering. Hmmm...that is not really true. Oracle sees that benefit and has communicated that OpenSolaris has real value to the community and to them. They want to make it profitable so it must fall under product marketing and management for profitability..hence, Oracle Solaris which is due in a few months. Many ISVs did that with Linux (i.e. Redhat/Novell/others). Also, Oracle has reached out and provided needed information to their customers. Much of the work may take 1-2 years to accomplish. But this is a whole other subject. Just like getting businesses and academia to scrap years of Solaris 2.5.1-8/9 installations. Wait till OS2010.03 is officially released... but for now community security support and maintenance is very possible for out-sourcing. ~ Ken Mays -- This message posted from opensolaris.org _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
