|
Buck,
Thanks for sharing this. What a great answer when people question using
open source software. Managers do implicitly trust in-house developers.
Are open source developers trustworthy? Well, they're willing to subject
their code to the prying eyes of anyone who'll care to look--perhaps
thousands of people. I'll keep this in mind next time I want to propose
using open source.
Michael
Oh my, I've partaken in the vain slaughter of many electrons!
"WDSCI-L" <wdsci-l-bounces@xxxxxxxxxxxx> wrote on 03/11/2015 01:00:03 PM:
----- Message from Buck Calabro <kc2hiz@xxxxxxxxx> on Wed, 11 Marby
2015 11:59:25 -0400 -----
To:
wdsci-l@xxxxxxxxxxxx
Subject:
Re: [WDSCI-L] Might be getting 1-day admin privileges to PC; what to
install besides iSphere?
On 3/10/2015 4:56 PM, Dan wrote:
I'm not sure whether I'll be asked, but have either the iSphere or the
RPGUnit plug-ins been "vetted", officially or unofficially "blessed"
noIBM? I trust the people on this list, and am sure these plug-ins pose
suresecurity risks, but they are pretty tight around here, and I'm not
forwhether anyone else here has already "officially" vetted any plug-ins
RDi.
This is a great question in the age of open source software. I was
first asked it perhaps 10 years ago when I wanted to use CGIDEV2 in
production software.
My answer back then: 'We do not have a certification process for any
software, including our in-house RPG. We do not - and perhaps can not -
certify our RPG to meet specific security and supportability criteria,
not the least because there ARE NO security and supportability criteria
to be met.'
This of course is a non-answer to a manager. Managers implicitly trust
their developers to write their code 'properly'. They have no such
faith in developers they have never met. I don't think there's a good
answer beyond 'Do you trust me personally?'
In the case of these particular plugins, the enhancements are to RDi
itself. They don't connect to the database; there's no back door SQL
injection risk, etc. They enable a developer to develop better by
allowing him (me) to think better. If for some reason, iSphere were to
crash horribly, I'd be back to the bare bones RDi. Business continuity
would be completely unaffected.
--
--buck
As usual I have slaughtered many electrons in vain.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.