OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [xml-dev] Re: determining ID-ness in XML

Open source can and does work as you describe.  Good 
point, John.   The rights I get out of a maintenance 
contract depend on negotiation, money's offered, etc. 
All software companies do not act exactly the same 
way.  But all software companies, open source or 
otherwise have to control promises or quickly go 
out of business.  One can turn the open source 
argument on its head though and say that if a 
company has a sizable user base, that user base 
can and does often act in concert or small groups 
to get a BigCo to make changes and that getting 
someone to keep their promises is the same 
problem regardless of the software source.   There are some 
informative articles on Customer Relationships 
Management systems that take up this problem.  
The problem of IIS is that it is a giveaway and 
that is harder to get them to change.  I suspect 
MS does not leave security holes open on purpose. 

len

-----Original Message-----
From: John Cowan [mailto:jcowan@reutershealth.com]

Bullard, Claude L (Len) wrote:


> IIS vulnerabilities are MS's problem.  That is 
> exactly why some of us say "MS and IE only": because 
> we can contractually obligate them to fix them.


And some of us say "No MS or IE", because we cannot, in
fact, contract with either Microsoft or anyone else to
fix them, but are dependent on "sighs and tears".
Been there, done that, not going back.

IMHO the most important right that a user of Open Source
software has stems from the fact that if you have $$$, there
are people out there who will make the program do
whatever you need.


> With 
> MS, I can point to the service agreement and hold 
> them to it.  You can say they will ignore me, 
> but they won't, at least, not as long as I am 
> paying maintenance.


The maintenance in question gives you the right to,
sheeplike, accept whatever changes *they* want to
make, which may have nothing whatever to do with
bugs you identify.  I'm not singling out Microsoft
here: all proprietary software companies act in
exactly the same way.