Women in Technology

Hear us Roar



Weblog:   The Growing Politicization of Open Source
Subject:   What about the quality of the software purchased by the government
Date:   2002-08-16 14:54:24
From:   zwack
Response to: What about the quality of the software purchased by the government

Ummm... Thanks for your rant... I think...


You did not answer ANY of my questions though...


So hopefully we can get a clear understanding of what I suggested, and then you can explain why I am wrong...


"Can you say that you know the company that made Linux? Hmm, who would be responsible if a bug in OpenOffice..."


Well, I still had a vendor in there, one who was willing to provide support. The government is going to buy a solution from somewhere. If it's Linux and they buy it from RedHat then RedHat would be responsible for supporting that software. If it's StarOffice and they buy it from Sun then Sun provide the support... If it's OpenOffice and they buy it from "OpenSource 'R' Us" then OpenSource 'R' Us would provide support.


They don't have to accept responsiblity for the bugs, just provide support. They should try and fix the bugs or get someone else to, but they need to provide some form of support. If you think I am being easy on them with the "don't have to accept responsibility for" bit then I would suggest you go read some EULAs from Microsoft... or indeed anyone else.


What I want is for the mandate to be for Open Standards for the file and data formats. This makes sense to me... And as you like your car analogy it's like me saying "Here are the sepcifications for a tyre for a '65 Mustang..." And then looking around to see who made tyres that fit that specification. I could get Firestone or Michelin or any number of other brands of tyres made to that specification. They're not all made by one company. Similarly if I was to say "Here is the file format for a word processed document..." Multiple vendors could produce software that could read and write the same document. Some of them might be closed source, some of them might be open source... Some of them might even involve people following procedures in a manual that caused them to produce a file using an ascii text editor that met the standard. I don't care. But I can look at the specification, write my own tool to manipulate it and do what I want with the document. Multiple vendors providing software that can interact is true CHOICE. If I like the spell checker in tool 1 but the Mail merge in tool 2 there is nothing to stop me using 2 for a mail merge and 1 for the spell checker. If tool 3 has a mail merge that's almost as good as that in 2 and a spell checker that is almost as goos as that in 1 then I might decide that 3 was good enough for my needs and only use that. If however each vendor only supports their own proprietary data formats then I have to choose one tool that will do... And if Tool 3 didn't exist I would have to decide if Mail Merge or Spell Checking was important to me. And if I choose tool 1 and the manufacturer goes out of business... What then? I have to either convert my data to work with tool 2 (and data conversion is not a fun process) or I have to keep using tool 1 and doing without any new features.


I don't agree with RMS that all developers should have to use GPL. I think that that is your choice. (I do, but I made that decision, nobody forced me to). Equally I don't agree that I should be forced to use proprietary products because nobody knows what their data format is.


If Governments mandated Open Standards for File and Data Formats that would encourage software that can interoperate. Interoperability is good for everyone except the dominant market leader. Vendor Lock-in is bad for everyone except the vendor that you are locked in to. Interoperability encourages TRUE innovation. If the market leader can retain their market share by providing new features that people want then everyone benefits. They might have to work a bit harder than with lock-in... But it gives everyone a fair chance.


Z.

Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • What about the quality of the software purchased by the government
    2002-08-16 15:38:23  korwin [View]

    On the topic of what government should require from the software vendors:

    I disagree with the legislation proposal, not with you. Let's require open standards, not open source. But also, let's require security, reliability and performance acceptance level even before the open standards. Ask the (proprietary or open source) software companies to deliver software that works.

    On the topic of the open source software model and more specifically the GPL one:

    Purchasing a softare should give you the right to sue the software vendor if this software fails to work as it is supposed. (Government requirements, quality standards and conformance tests would be a base for this to happen. :-)) If i am hurt because a car malfunctions, i can sue the car manufacturer. The same should apply to software. The thing here is - i can see the proprietary software companies as Microsoft being able to actually comply with such requirements; however, i fail to see how an open source company would be able to do it. As you said - OpenSource 'R' Us might sell me the software and might be willing to provide support (well, that's their revenue model), but i doubt they would be willing to go to the court to defend somebody else's code.

    Are you personally willing to guarantee the security and the reliability of a software solution you would sell to some of your client? I assume you use gcc - would you be willing to stand by the binaries, produced by it, to the degree of taking the responsibility and allowing to be sued?
    • What about the quality of the software purchased by the government
      2002-08-16 16:04:18  pkobly [View]

      >I disagree with the legislation proposal, not
      >with you. Let's require open
      >standards, not open source. But also, let's
      >require security, reliability and
      >performance acceptance level even before the
      >open standards. Ask the (proprietary or open
      >source) software companies to deliver software
      >that works.

      While this is a laudable goal, how do we assert that the software works or is secure? Black-box testing is simply *not* sufficient to assert quality with any credibility. Open source, allows the purchaser or the user (in this case the government) to perform its own testing and audits, rather than simply relying on the bare assertions of a vendor.

      Remember, the Pinto went through testing before it was unleashed on the world.

      > Purchasing a softare should give you the right
      > to sue the software vendor if this software
      > fails to work as it is supposed.

      This requires a complete definition of how the software is supposed to work, and under what conditions. That definition often does not exist in general purpose computing.

      If you ever get the right to sue vendors, then you ought to consider the likelihood of vendors being able to pay out on lawsuits. That same problem exists with many consumer goods. But it's a moot point now. Small companies are just as able to pay out the $0 judgements that you can get now as are big companies.

      > Are you personally willing to guarantee the
      > security and the reliability of a software
      > solution you would sell to some of your client?

      Is Microsoft?

      > I assume you use gcc - would you be willing to
      > stand by the binaries, produced by it, to the
      > degree of taking the responsibility and
      > allowing to be sued?

      I would be more willing to do so while using gcc than while using a proprietary compiler. I don't have to rely exclusively on the assertions of a third party that the compiler works correctly.
      • What about the quality of the software purchased by the government
        2002-08-16 16:28:09  korwin [View]

        >> Are you personally willing to guarantee the
        >> security and the reliability of a software
        >> solution you would sell to some of your client?

        >Is Microsoft?

        Well, you should ask this question to Microsoft, not to me. I would gladly see Microsoft change the EULA for their products, but that has nothing to do with the discussion here. They are just one more software vendor that should abide by any level of acceptance the government imposes.

        Speaking os which, i still don't the answer to my question. "They do not guarantee, so we will not as well, but you should believe us when we say ours is better" is not good enough. Shouting loudly "we are better because we are open" does not make you right. Nor does "We are better because we are free".
        Now, "We do better job and have superior product and those are not just marketing gimmicks - we are willing to stand by our words and allow you to sue us if we are proven wrong; meanwhile as a bonus over the competitors - here's the source for our code. Oh, btw you can have it for free as well" is different story. If any open source software company or programmer tell me this, i would be the first to say that the open source model is better than anything else.

        >I would be more willing to do so while using gcc
        >than while using a proprietary compiler. I don't
        >have to rely exclusively on the assertions of a
        >third party that the compiler works correctly.

        And what do you rely on when using gcc? Have you went through the gcc code and did you make extensive testing of it? Well, there might be people there that did it and there is a cnance you are one of them :-), but most probably you did not. So, you do rely only on the assertions of the gcc folks.

Showing messages 1 through 3 of 3.