Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!bbn!uwmcsd1!ig!jade!ucbvax!BU-CS.BU.EDU!bzs From: bzs@BU-CS.BU.EDU (Barry Shein) Newsgroups: comp.protocols.tcp-ip Subject: Networks & vendor upgrades/fixes Message-ID: <8711222136.AA25270@bu-cs.BU.EDU> Date: Sun, 22-Nov-87 16:36:19 EST Article-I.D.: bu-cs.8711222136.AA25270 Posted: Sun Nov 22 16:36:19 1987 Date-Received: Wed, 25-Nov-87 03:26:56 EST References: <8711222104.AA11940@etn-wlv.EATON.COM> Sender: daemon@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 50 >Distributing source code seems to be inconsistent with the desire to enforce >version controls. The availability of source code seems to be an attraction >to the "tinkerer" much like a flame is to a moth--one's version control be- >comes a historical artifact when the "tinkerer" gets access to the code. > >If the source is distributed on a media other than electronic as "documentat- >tion", it is extremely useful and it is relatively easy to maintain version >control of the software. > >Merton Campbell Crockett There are certainly better ways to do version control than to withold the sources. I've heard this argument for years and I still don't believe that the solution is OCO distributions, I don't even believe this is ever the real reason (vague fears of losing the technology are probably the real reason, either de facto [falling into a competitor's hands] or de jure [a court deciding you gave away the store], some of these fears have no rational basis, some do, but the conservative choice is obvious (even if it loses sales?!)) For example, one could simply demand, as with all warrantees, that software will not be maintained if monkeyed with (tho patches could be supplied everyone and they can do what they like with them.) To settle disputes it would be easy enough to provide a simple checksum program on the source. Whatever, but witholding the source has to be the worst possible solution to this (undisputed) problem. One thing I hate is vendors who won't even sell any source support (that is, you don't get the source patches for minor releases, so either you live with the bugs, obsolete your sources or guess how to fix the problem.) Vendors could also get more aggressive about these problems instead of sitting around getting into trouble (I have no doubt they do with large customers who get the sources, tinker, then demand support anyhow, money talks...) Usually when I get a source release I pays my money and that's that, a tape shows up, even if I already have maintenance on the software. I could see being asked to sign something which clearly states the new responsibilities now that you have sources. Heck, to trade options on the CBOE you have to sign a form acknowledging your lack of good sense. Seriously, how do you know they haven't mucked with the rest of the O/S, binary patched your sw, etc. Same problem. Microfiched source is not the answer either, unless you get some sort of satisfaction at merely looking at the buggy code that's bringing your system to its knees. Blechh. -Barry Shein, Boston University