Re: Is Open Source Enough?

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Thu Sep 06 2007 - 18:19:27 CDT

At 2:59 PM -0700 9/6/07, Brian Behlendorf wrote:
>If, however, the cost of certification continues
>to be borne by the vendor, then I think it's fine to say the vendor (who made
>the investment and took the risk) has the exclusive right to use that
>certification. Today this is a moot issue as everyone's code is different and
>must be separately certified anyways - but if we're trying to break the mold
>this is IMHO a good place to go even further. It helps make the case for why
>certifications should be publicly funded, too, as it eliminates the appearance
>of corporate subsidy.

There's also the problem of who owns the certification report. If
the vendor pays for and owns the certification report, the vendor can
keep it secret. My preference is that all certification reports that
approve the system must be made public.

Another issue is if all certifications are paid for by the vendors,
then the certifier is working for the vendor. If the vendor has a
choice of certifier, then the vendor may choose the one that gives
the vendor an easier pass.

This issue of choosing the certifier is recognized in how
Environmental Impact Reports (EIR) are prepared under the California
Environmental Quality Act (CEQA, pronounced "seequa"). The project
sponsor pays the full costs of preparation of the EIR, but the
approving government agency chooses the entity that prepares the EIR.
(Usually the approving government agency has a list of pre-approved
vendors with negotiated contract terms, and there is a predefined
algorithm, such as round robin, for selecting the vendor to prepare
the EIR.)

One could have a hybrid model where vendors of proprietary systems
pay for the certification from a certifier chosen according to the
CEQA model and own their certifications. Vendors of systems for
which full specifications and no proprietary claims have been made,
except for true COTS hardware components, can get government-paid
certification if any vendor that sells that certified system in the
certified configuration may take advantage of the government-paid
certification.

Best regards,
Arthur

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Sep 30 23:17:06 2007

This archive was generated by hypermail 2.1.8 : Sun Sep 30 2007 - 23:17:20 CDT