Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
GNU is Not Unix Oracle Security Sun Microsystems

Oracle/Sun Enforces Pay-For-Security-Updates Plan 238

An anonymous reader writes "Recently, the Oracle/Sun conglomerate has denied public download access to all service packs for Solaris unless you have a support contract. Now, paying a premium for gold-class service is nothing new in the industry, but withholding critical security updates smacks of extortion. While this pay-for-play model may be de rigueur for enterprise database systems, it is certainly not the norm for OS manufactures. What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements since several of the Solaris cluster packs contain patches to GNU utilities and applications."
This discussion has been archived. No new comments can be posted.

Oracle/Sun Enforces Pay-For-Security-Updates Plan

Comments Filter:
  • Just like Redhat (Score:3, Informative)

    by shafty023 ( 993689 ) on Tuesday March 23, 2010 @11:40AM (#31584476)
    This isn't any different from what Redhat does. They charge for security updates and no one has gone crying about it. Can't all jump on Oracle for wanting to be paid for the development time put in for security updates ppl
  • Re:Just like Redhat (Score:5, Informative)

    by Anonymous Coward on Tuesday March 23, 2010 @11:44AM (#31584530)

    o rly?

  • Just another step... (Score:3, Informative)

    by ak_hepcat ( 468765 ) <leif@de n a l i . net> on Tuesday March 23, 2010 @11:51AM (#31584630) Homepage Journal

    ...and another 'I' dotted in Oracle's plan to kill off Solaris, and force Linux as their high-end product.

    I only have one Solaris server left, and I'm rapidly losing any real need to keep using it.
    In fact, I will probably end up migrating off of Solaris this year, just to be done with it.

    Linux works just fine on my Sparc hardware, even my Ultra Enterprise 2, which hasn't seen
    upgrades or replacement parts in over 10 years. (and why it's still up and running, I don't know...)

  • Re:Sidestep? (Score:2, Informative)

    by hellraizer ( 1689320 ) on Tuesday March 23, 2010 @11:55AM (#31584682) Homepage
    it may be so ... but .... Quoting Oracle's web page ... "Licensing Information By accessing the software on this Web site, you agree that (1)(a)you have already obtained a license from Sun, or a Sun partner, for your current use of the software; and (b) that your Sun License Agreement, Sun Partner Agreement, or other license agreement with Sun or a Sun partner, together with the applicable Entitlement or order document with Sun or a Sun partner, governs your use of the software, or (2) if you have not already obtained a license from Sun or a Sun Partner for your use of the software, the Sun Microsystems License Agreement on this Web site governs your use of the software for the time specified in such agreement. Note: Programs downloaded for trial use or downloaded as replacement media may not be used to update any unsupported programs " The word LICENCE comes up very often .... am i wrong about this ???
  • by Capt James McCarthy ( 860294 ) on Tuesday March 23, 2010 @12:01PM (#31584764) Journal

    I don't want to sound negative, but I was always worried about Oracle buying Sun, for how it would impact negatively on Sun's business. For me the Oracle web site is so convoluted that it stinks of 'we designed this so that you to pay use to find it'. Everything feels designed to nickle and dime everything you try doing with them. This is based on experience of having get specific updates to fix certain known issues. If you don't agree with my perspective, I would gladly appreciate hearing about your experience.

    I am a Java developer and I hope that they don't extend this to Java or any other Sun technologies with a more 'open' culture.

    I agree. I cringe every time I venture into the quagmire of to obtain a CPU or look up information/patches for an older version of oracle. Sun's site was much easier to navigate through for patch clusters or specific patches themselves. Now that sun's site is folded into oracle's site, finding hardware information has become a pain. I did find that going to sunsolve still is the way to go though.

  • by pedestrian crossing ( 802349 ) on Tuesday March 23, 2010 @12:01PM (#31584772) Homepage Journal
    This policy was in place -long- before the Oracle deal. It has been over 3 years since you needed a support contract to get patches...
  • by Kenneth Stephen ( 1950 ) on Tuesday March 23, 2010 @12:15PM (#31584984) Journal

    I can't think of any IBM product on the "distributed platforms" (i.e not mainframe or i5OS) where the fixpacks are not available for free.

  • Mistake (Score:1, Informative)

    by Anonymous Coward on Tuesday March 23, 2010 @12:19PM (#31585030)

    The linked thread already points out that this was a mistake, not intentional, and provides a link to the Sun site with details.

  • by Anonymous Coward on Tuesday March 23, 2010 @12:24PM (#31585156)

    There's a big difference - it used to be you needed a contract to use their patch update manager (and one contract covered all machines), but not just download individual patches or patch clusters (which, BTW, are integrated into the latest full OS downloads, and in fact at least one Sun person I've seen has recommended just grabbing the latest full OS download and using that to apply updates!). Now, not only do you need a contract, but you need one for each machine and OS version separately, and you can't actually buy the contracts from Oracle anyway. There's NO way to purchase them online (in fact the one link that's been posted multiple times as "I've verified this works" by Sun/Oracle people takes you to the Oracle 404 page), and when you leave your name with the pre-sales people to have sales call you, you don't get called back (since there's no way to actually talk to a sales person directly).

    I suspect that Oracle is doing everything they can to passively kill Solaris without admitting it, that way they can say it wasn't their fault (or plan all along) when the regulators and shareholders come asking questions... If I had my choice, I'd be off Solaris completely, but at least for right now I don't. What's really interesting is what this is going to do to all those proprietary software vendors who require Solaris as the server OS for software used in regulatory compliance-audited environments. Since no patching = non-compliance, the ripple-effect is gonna be HUGE...

  • Re:Sidestep? (Score:3, Informative)

    by spamcop ( 1714222 ) on Tuesday March 23, 2010 @12:29PM (#31585258)
    Solaris is free to download and install and to use for ONLY 90 DAYS! They changed this licence only few days ago. [] Quote: Solaris 10 Download Customers bla bla bla... Please remember, your right to use Solaris acquired as a download is limited to a trial of 90 days, unless you acquire a service contract for the downloaded Software.
  • by Anonymous Coward on Tuesday March 23, 2010 @01:35PM (#31586328)

    This policy was in place -long- before the Oracle deal. It has been over 3 years since you needed a support contract to get patches...

    But not security patches.

  • by ma3382 ( 1095011 ) on Tuesday March 23, 2010 @02:11PM (#31586950)
    During the time frogs are submerged under water or buried in soil they breathe through their skin.
  • by RivieraKid ( 994682 ) on Tuesday March 23, 2010 @02:15PM (#31587034)

    Unless they've been stung by a Scorpion, in which case the venom will kill or paralyse them, thus preventing them from breathing.

  • by turkeyfish ( 950384 ) on Tuesday March 23, 2010 @02:19PM (#31587110)

    The title of this article is incorrect. It should read Oracle announces its products will become less secure over time. This will be true because they will permit malware to infect a percentage of their installations, which in turn will corrupt others by providing an internal platform for hackers to penetrate otherwise secure systems. Either a product is secure or it is not. Oracle is merely announcing that their products will not be secure.

  • by Paul Jakma ( 2677 ) on Tuesday March 23, 2010 @02:33PM (#31587372) Homepage Journal

    I think you've missed the point. Sun still made security patches generally available, Oracle have made those $$-only as well now.

Logic is a pretty flower that smells bad.