[atlas] Survey results on Atlas open-sourcing
Philip Homburg philip.homburg at ripe.net
Wed Jan 4 16:45:03 CET 2012
On 1/4/12 16:11 , Simon Josefsson wrote: > "Richard L. Barnes"<rbarnes at bbn.com> writes: > >> Analyze as you will :) > One thing that strikes me from the discussion has been an absence of > answers to this question: What would reasons be to _not_ release the > source code? > > I believe that unless there is a strong reason not to release the > source, it should be done because there is interest in it and there is > potential to get improvements out of it. > There are some non-technical arguments that I won't list here. One argument for not releasing is security by obscurity. It is easier to find security holes if you can just download the source. Instead of trying to obtain a probe, getting the firmware out of it and decompiling the binaries. In short, within RIPE NCC the question needs to be answered whether the source can released as is, or whether a security audit is required. Needless to say, a security audit is likely to cost money. Dumping the source just as a tar file on a web site is easy. But that will be one way communication. And most likely fork the project. Not good. If you want to turn it into an open source project, then a lot of stuff has to happen. In particular, the project has to be mature enough that it can actually be installed without too much pain. Of course, this costs time and money.