Weblog:   The Growing Politicization of Open Source
Subject:   What about the quality of the software purchased by the government
Date:   2002-08-16 15:38:23
From:   korwin
Response to: What about the quality of the software purchased by the government

On the topic of what government should require from the software vendors:


I disagree with the legislation proposal, not with you. Let's require open standards, not open source. But also, let's require security, reliability and performance acceptance level even before the open standards. Ask the (proprietary or open source) software companies to deliver software that works.


On the topic of the open source software model and more specifically the GPL one:


Purchasing a softare should give you the right to sue the software vendor if this software fails to work as it is supposed. (Government requirements, quality standards and conformance tests would be a base for this to happen. :-)) If i am hurt because a car malfunctions, i can sue the car manufacturer. The same should apply to software. The thing here is - i can see the proprietary software companies as Microsoft being able to actually comply with such requirements; however, i fail to see how an open source company would be able to do it. As you said - OpenSource 'R' Us might sell me the software and might be willing to provide support (well, that's their revenue model), but i doubt they would be willing to go to the court to defend somebody else's code.


Are you personally willing to guarantee the security and the reliability of a software solution you would sell to some of your client? I assume you use gcc - would you be willing to stand by the binaries, produced by it, to the degree of taking the responsibility and allowing to be sued?

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • What about the quality of the software purchased by the government
    2002-08-16 16:04:18  pkobly [View]

    >I disagree with the legislation proposal, not
    >with you. Let's require open
    >standards, not open source. But also, let's
    >require security, reliability and
    >performance acceptance level even before the
    >open standards. Ask the (proprietary or open
    >source) software companies to deliver software
    >that works.

    While this is a laudable goal, how do we assert that the software works or is secure? Black-box testing is simply *not* sufficient to assert quality with any credibility. Open source, allows the purchaser or the user (in this case the government) to perform its own testing and audits, rather than simply relying on the bare assertions of a vendor.

    Remember, the Pinto went through testing before it was unleashed on the world.

    > Purchasing a softare should give you the right
    > to sue the software vendor if this software
    > fails to work as it is supposed.

    This requires a complete definition of how the software is supposed to work, and under what conditions. That definition often does not exist in general purpose computing.

    If you ever get the right to sue vendors, then you ought to consider the likelihood of vendors being able to pay out on lawsuits. That same problem exists with many consumer goods. But it's a moot point now. Small companies are just as able to pay out the $0 judgements that you can get now as are big companies.

    > Are you personally willing to guarantee the
    > security and the reliability of a software
    > solution you would sell to some of your client?

    Is Microsoft?

    > I assume you use gcc - would you be willing to
    > stand by the binaries, produced by it, to the
    > degree of taking the responsibility and
    > allowing to be sued?

    I would be more willing to do so while using gcc than while using a proprietary compiler. I don't have to rely exclusively on the assertions of a third party that the compiler works correctly.
    • What about the quality of the software purchased by the government
      2002-08-16 16:28:09  korwin [View]

      >> Are you personally willing to guarantee the
      >> security and the reliability of a software
      >> solution you would sell to some of your client?

      >Is Microsoft?

      Well, you should ask this question to Microsoft, not to me. I would gladly see Microsoft change the EULA for their products, but that has nothing to do with the discussion here. They are just one more software vendor that should abide by any level of acceptance the government imposes.

      Speaking os which, i still don't the answer to my question. "They do not guarantee, so we will not as well, but you should believe us when we say ours is better" is not good enough. Shouting loudly "we are better because we are open" does not make you right. Nor does "We are better because we are free".
      Now, "We do better job and have superior product and those are not just marketing gimmicks - we are willing to stand by our words and allow you to sue us if we are proven wrong; meanwhile as a bonus over the competitors - here's the source for our code. Oh, btw you can have it for free as well" is different story. If any open source software company or programmer tell me this, i would be the first to say that the open source model is better than anything else.

      >I would be more willing to do so while using gcc
      >than while using a proprietary compiler. I don't
      >have to rely exclusively on the assertions of a
      >third party that the compiler works correctly.

      And what do you rely on when using gcc? Have you went through the gcc code and did you make extensive testing of it? Well, there might be people there that did it and there is a cnance you are one of them :-), but most probably you did not. So, you do rely only on the assertions of the gcc folks.

Showing messages 1 through 2 of 2.