Blogs

Open Source Software has been findings its way into various governments and government entities throughout the world. And it is finding its way more and more into defense industry. And the stringency of defence industry regulations may cause conflicts with the open source license requirements for openness. One example is the co-existance of OSS licenses (GPL2, etc) with International Traffic in Arms Regulations (ITAR). The software used in defense industry apps is being ported to Linux more and more. Yet there are restrictions in use and distribution which may come in an apparantly direct conflict.

While I started writing this in response to https://fossbazaar.org/content/quality-matters, but seemd to warrant a separate post.

FOSS users are becoming increasingly apathetic regarding the proactive management of software obtained for nominal cost. The recent Debian example comes to mind, where for an extended period of time,  OpenSSL within it had been modified with a code checking tool. Such modification removed a programmatic element important to the generation of the key, such that the total possible key combinations were effectively reduced to a fraction of the total unbroken possibilities. This problem existed for nearly two years, with countless users depending on the code, using vendor solutions to test for the same things, and yet this went undetected.

A question that frequently comes up when talking with those who are new to FOSS is, "But how can I be sure as to the quality of the code?" And I would suggest that the answer to which, as with proprietary software, is largely the application of common sense. Due diligence in the form of seeking out case studies, soliciting the experiences of peers and the collation of other empirical evidence. Nothing new or difficult here.

It may be that a vendor features in the equation, and in which case they should be able to provide some level of assurance also. However, the absence of a vendor should not dissuade you from doing what you would have done previously. But you must also consider the ability of your organisation, or its contracted support provider, to maintain the code.

I attended Openmind last week, an interesting conference organized by the Finnish Centre for Open Source Solutions (COSS) to bring together open source professionals, community members and academics in Finland. In the session about business aspects of open source, in which I gave a talk about FOSS Governance, Nina Helander and Mikko Rönkkö presented the preliminary results of the National Software Industry Survey 2008.

A few months ago the US Court of Appeals upheld the Artistic License as legally valid, and in doing so strengthened the position of other FOSS licenses. Prior to which the GPL has been upheld a number of times in German courts, thanks to chiefly the efforts of Harald Welte and Till Jaeger.