>By the way, you can argue the merits of the
>procedures all you want, but government agencies
>are notoriously close-minded about disagreements.

Truer words were never spoken. For confidentiality reasons I can't go into specifics, but suffice it to say that I completely understand Alan's situation. My guess is that he ships the source to production which then gets fed through a secured "build & deploy" program. Utilising iSeries native security, that is a guarantee that the object does indeed match the source, and that the object is deployed properly.

Combined with a secure distribution methodology (i.e. only an approved QA analyst can promote the source to production) you end up with a very good audit trail of who touched the source, what steps were used to test the object in development, who promoted to production and a guarantee that the source and object match over on the production system. An auditor (or automated software!) can verify this by checking the source date/time stamps vs. the stamps in the object as well as the source library/member signature. Since they were compiled in situ there should never EVER be a discrepancy. And now that the source/object relationship is ironclad, the auditor can browse the source to see what the object is going to do to the database.

This is one of the perennial reasons a customer wants the vendor to provide the source code, even if the customer never intends to modify it. The customer wants to verify what is happening in there. Working for a software vendor who provides only object code, we see this objection all the time and the pressure is getting worse with the burgeoning popularity of Open Source code. Fortunately (or not!) our code is created with Synon:2E, and is very difficult to read, so once we show a sample to our customers they generally concede that having the source won't help them understand what's going on.

My goal in posting this is to describe a vendor environment and some of the pressures we actually encounter in the actual marketplace, not to disparage (or encourage) any particular software distribution methodology. Whether it is reasonable for a customer to demand the source is really irrelevant. For some customers no source = no sale, and that's that.

--buck
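The auditor's check described in the post (source date/time stamps and source library/member recorded in each object, compared against the source members), as an added example that is not part of the original post. The record layout, library names and timestamps are constructed for illustration; on a real system the two lists would be extracted from object and source-member metadata.

```python
from datetime import datetime
from typing import NamedTuple

class SourceMember(NamedTuple):      # hypothetical layout: one source member
    library: str
    file: str
    member: str
    changed: datetime                # last source change stamp

class ObjectInfo(NamedTuple):        # hypothetical layout: one compiled object
    library: str
    name: str
    src_library: str                 # source location recorded at compile time
    src_file: str
    src_member: str
    src_changed: datetime            # source change stamp recorded in the object

def audit(objects, members, prod_src_lib):
    """Return (object, finding) pairs; an empty list means source and objects agree."""
    index = {(m.library, m.file, m.member): m for m in members}
    findings = []
    for o in objects:
        qualified = f"{o.library}/{o.name}"
        if o.src_library != prod_src_lib:
            # Object was not compiled in situ from the promoted source.
            findings.append((qualified, "compiled from non-production source library"))
            continue
        m = index.get((o.src_library, o.src_file, o.src_member))
        if m is None:
            findings.append((qualified, "source member not found"))
        elif m.changed > o.src_changed:
            findings.append((qualified, "source changed since compile"))
        elif m.changed < o.src_changed:
            findings.append((qualified, "source member older than stamp in object"))
    return findings

ts = datetime.fromisoformat
# Constructed sample data: one clean object and three discrepancies.
SAMPLE_MEMBERS = [
    SourceMember("PRODSRC", "QRPGSRC", "ORD100", ts("2004-03-01 10:15:00")),
    SourceMember("PRODSRC", "QRPGSRC", "ORD200", ts("2004-03-05 09:00:00")),
]
SAMPLE_OBJECTS = [
    ObjectInfo("PRODLIB", "ORD100", "PRODSRC", "QRPGSRC", "ORD100", ts("2004-03-01 10:15:00")),
    ObjectInfo("PRODLIB", "ORD200", "PRODSRC", "QRPGSRC", "ORD200", ts("2004-03-02 16:30:00")),
    ObjectInfo("PRODLIB", "ORD300", "DEVSRC", "QRPGSRC", "ORD300", ts("2004-03-03 11:00:00")),
    ObjectInfo("PRODLIB", "ORD400", "PRODSRC", "QRPGSRC", "ORD400", ts("2004-03-04 08:45:00")),
]

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE_OBJECTS, SAMPLE_MEMBERS, "PRODSRC"):
        print(f"{obj}: {finding}")
```

The stamps only show that object and source correspond; they carry weight as audit evidence because, as the post says, promotion and compilation are restricted by system security.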
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.