On Wed, Aug 05, 2009 at 09:30:33PM +0200, Julien BLACHE wrote: > In the free software world, the diversity we have today, which is > partly due to unaligned releases from the major vendors, is an asset. Security-wise ? Let's admit that, I don't want to fight on that point, even if I think it's not as simple. But speaking from my experience as an employee of a software editor, I can tell that the distribution diversity is a huge problem when it comes to distributing our work. If your client use a Ubuntu LTS, a RHEL, a SuSE or worst for some, some kind of home-brewed monster taken half from a RHEL and custom packages (*sigh*) then you have as many builds to do, regress-test and so on. When you target Windows or Solaris or MacosX, you usually officially support the last two releases, and that's it (and please, it's the same for "Linux" distributions, for RH you "have" to support RH4.x and RH5.x if you want to be relevant). It yields a really costly entry point to target "Linux" as a platform, and it's exactly why most Software Vendors target "RHEL" and not "Linux". And that's part of the reason[1] why most of our customers are using RHELs: software vendors only certify their stuff for RHEL, because it's the established reference in the field, and that it costs too much to certify you stuff for yet-another-distro. OTOH, the diversity is also good for us, and there isn't two developers with the same distribution: many Debian sid's, but also lennies, even a gentoo IIRC, and it has proven a good thing to find awkward bugs in our software. But if this diversity is good for the development phase (and can easily achieved using "unstable"-like distributions), it sucks a lot when it comes to distribution. Bottom line, I think your vision of the problem is too black&white. Of course, arguably we shouldn't care about proprietary software. But let's face it, in the end, people will want to make their Oracle cluster work, make their funky Telco hardware work with a proprietary stack and so on. [1] quality of the support is clearly the other biggest part -- Intersec <http://www.intersec.com> Pierre Habouzit <pierre.habouzit@intersec.com> Tél : +33 (0)1 5570 3346 Mob : +33 (0)6 1636 8131 Fax : +33 (0)1 5570 3332 37 Rue Pierre Lhomme 92400 Courbevoie
Attachment:
signature.asc
Description: Digital signature