> From: "Stephane" <[EMAIL PROTECTED]>
>
>
> I think most companies are afraid of implementing opensource software as a
> component for an important service such as email. I think that generally
> even though people know email has not been designed to be a 100% reliable
> protocol they still make business with it.
Um ... hundreds of companies already implement opensource software as a
component for their email. Sendmail. I'm not sure if it's still more
prevelent than Exchange, but it has certainly been around longer than
Exchange.
> First of all, please let me highlight that the following thoughts are not
> my personal views but difficult barriers to face when you try to get
> opensource into a large manufacturing company (not an ISP, not a software
> company) like ours.
>
> The major fears are:
> - opensource software is often made by hobbyists and these people do not
> have the structure to provide software support/bugfixes, or quick response
> to a big problem incurring financial losses (no emails go through for
> example!)
This is really more about "Where do I get my support contract" than "is it
open source". For example, if you've got a Sun server, you're probably using
Sun's version of sendmail, or Sendmail's commercial product, or maybe even
the non-commercial sendmail. Whether or not it is open source doesn't matter,
what matters is "did you buy a support contract". There are companies that
make commercial products out of open source products, and then sell support
contracts around them. I used to work for the company that sold support for
gcc and gdb, for example (Cygnus). Sendmail sells support for sendmail.
There are also companies that open source their products, and will support
their commercial versions (Apple is one example).
So, the real fear here isn't "Is it open source", it's "does it have a support
channel", and often it's not even that (afterall, who considers MS to have a
decent support channel?), it's "who has the liability when things break?"
For a commercial product or supported package, you can shift the blame and
liability off on some external organization ... if it's internally supported
(open source, home grown, or legacy and no-longer-supported, etc.), then it's
harder to pass the buck when someone wants to sue for financial losses.
It IS a good qustion to ask, but the boogey man here is not "open source".
(and, someone else on the list did say they'd sell support ... dunno how
serious they were, though) The idea that open source software is just
hobbiest maintained software hasn't been true for about a decade (longer
really, but not in large enough numbers to really be noticed).
> - are upgrades straightfoward and not causing problems to the existing
> running system, are they well tested.
Again, has nothing to do with open source. There are plenty of rinky-dink
companies out there selling unreliable software that isn't well tested
(and sometimes isn't tested at all), or where the upgrades can create more
problems than they were supposed to solve. I hate to sound like a broken
record, but again, MS is a pinacle example here of commercial software that
doesn't meet this critereon. If people were actually concerned about this,
MS wouldn't exist as a viable company.
And, really, it gets back to the support channel and the liability issue.
> - what if the SA project is abandoned, what if the source is bought by a
> commercial vendor, in other words, what if SA as it exists today
> disappears ? With opensource you cannot have a contractual engagement to
> provide support or updates, nor can you really know the roadmap for a
> product and what is planned for future development
You cannot know the roadmap and future of any product, no matter what its
source basis is. Commercial companies go under all the time, or get bought
by a larger company that changes the terms of product or phases it out
quickly, or change their focus over night and abandon the direction they
had been going on and on about in the press ("NeXT is a workstation company",
"NeXT is an OS company", "NeXT is a developer tools company", "NeXT is a
division of Apple, and half of our old products don't exist anymore").
What about businesses that were heavily dependant and based around SunOS 4?
They either had to restructure around SunOS 5, or change to another platform
completley, or die (some of them did). Change happens, and it happens no
matter what arena you're talking about. To claim that commercial software is
better in this regard is far from rational.
Ask Swiss Bank about their heavy investment in Nextstep. Ask anyone who was
a big investor in the Alpha platform or the Arm platform. Ask companies that
sold applications and solutions for the Newton. Ask the companies that were
developing Dreamcast games. None of these people went in saying "hey, this
product is going to die on day X, lets jump on the sinking ship!" They were
given a positive outlook, and in 3 of the 4 examples, from proven industry
giants. And, yet, things didn't stick to the roadmap and the expected future.
Every choice, open source or not, is a leap of faith that the claimed roadmap
will be the actual roadmap, and that the expected future will be the actual
future. In some respects, open source is better about this than closed source
because you have the option to "take your marbles and go home" (ie. if they
go out of business, or they get bought by a nastier company, or the product is
end-of-lifed, or the hobbyists get bored and stop developing it, you DO have
the option of picking it up as an internally supported product that you'll
work on yourself). With a closed-source product, you either have to work the
source code into escrow (contingency in case the developer goes away) or you
are at the total mercy of the developer. (again, ask Swiss Bank about how
they feel about their huge investment in Nextstep) If MS decided to abandon
Windows tomorrow, their customers would be screwed. (yes, not likely to
happen, but we have no way of knowing and no recourse if they decided to do
so) (btw: DOS was officially end-of-lifed 2 weeks ago, and there are still
instrument companies that are/were dependant upon it)
The only way to protect yourself on this one is NOT "stick to commercial
or closed-source software". It's to find and get a support contract (again,
it's back to support channel and liability).
So, the question is ... is there really a serious vendor of Spam Assassin
support contracts out there? Someone who will answer bug reports in a timely
and professional fashion (IMO, I think this already happens, just not in a
formal environment), and who will take on the liability associated with a
support contract?
(I got the feeling the existing offer was more in jest than a serious offer
to sign a contract)
-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
