Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
GNU is Not Unix Oracle Security Sun Microsystems

Oracle/Sun Enforces Pay-For-Security-Updates Plan 238

An anonymous reader writes "Recently, the Oracle/Sun conglomerate has denied public download access to all service packs for Solaris unless you have a support contract. Now, paying a premium for gold-class service is nothing new in the industry, but withholding critical security updates smacks of extortion. While this pay-for-play model may be de rigueur for enterprise database systems, it is certainly not the norm for OS manufactures. What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements since several of the Solaris cluster packs contain patches to GNU utilities and applications."
This discussion has been archived. No new comments can be posted.

Oracle/Sun Enforces Pay-For-Security-Updates Plan

Comments Filter:
  • Mr. Opportunity (Score:2, Interesting)

    by abbynormal brain ( 1637419 ) on Tuesday March 23, 2010 @11:44AM (#31584528)

    ... is knocking on the door of the competition.

    There are many ways to take news like this. For those invested, it's a blow. For the free market and those looking for marketing opportunities (cough ... I'm talking to the competition) .... this is your opportunity to do something good to us looking for solutions and yourself (in recapturing market share). Make me an offer I can't refuse.

  • by sean.peters ( 568334 ) on Tuesday March 23, 2010 @12:07PM (#31584862) Homepage

    Just because they're selling the security updates doesn't mean they're in violation. I think it's highly likely that Sun/Oracle will go right ahead and sell their updates, and make the source code available (via the web?) for the GNU parts. Offering the source for the GNU packages wouldn't cut into their sales much, as most of their customers are probably not inclined to compile this code for themselves anyway (if they were, my thinking is that they probably wouldn't be running Sun). And even if they were, they'd miss out on updates to the proprietary parts of the code.

    I'm having trouble seeing what the big deal is here.

  • by Wannabe Code Monkey ( 638617 ) on Tuesday March 23, 2010 @12:29PM (#31585234)

    Don't 'presume'. ARE they offering the source code for the gpl portions of the patches? If they are, get those. If they aren't, it isn't side stepping, it's flat out breaking.

    I think you'll find that 'not presuming' is exactly what the parent is doing. The summary said, "What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements". And the poster is saying, "Hey lets slow down a second, are we sure Oracle isn't giving access to the source code to their customers?" Remember, there's nothing stopping Oracle from charging for GPL source code, and they only have to provide access to the source code to the people they distribute the binaries to. So if you don't have a support contract with Oracle, they don't have to provide you with the source code because they're not providing you with the binaries either. However, if one of their customers decides to redistribute the source code, there's nothing Oracle can do about that.

  • by Anonymous Coward on Tuesday March 23, 2010 @12:46PM (#31585554)
    I just want to congratulate Oracle on doing everything it can to kill off Solaris passively [] so they don't have to admit what they're doing. I need a Solaris support contract in order to keep a few systems running specialized software in a compiance-audited environment up to date. This is software that is run in many environments where the inability to keep them patched is a showstopper. However, I can't seem to purchase a support contract. The only page that even lists the ability to purchase it is broken (see dpfloyd's comment), and I have not receved a call back from Oracle/Sun sales in nearly a week (and that was after getting bounced through 6 different people to a support person who at least knew to forward my info to a Sun-related salesperson, or so they said). Additionally, if you click the "How to Purchase a Contract" it provides no actual info on how to do that, and the link it has to "Learn More" takes you into an infinite loop of "click here, now click here, now click here - oh, wait, I'm back where I started" when you try to find out about Sun Solaris support.

    I hope I'm wrong about what's happening, but I can't say that any of this gives me the warm fuzzies. I'd say that if I had control over the platform I'd migrate those systems off of Solaris to another OS, but I'm guessing that's exactly what Oracle wants...

    Can SOMEONE at Oracle/Sun please tell me how to purchase a support contract to download OS patches? If not, can someone from Oracle/Sun officially tell me to bugger off so I can tell my boss that we're never going to be able to update those servers again and we can start planning on how we're going to get around that issues?

  • by Perl-Pusher ( 555592 ) on Tuesday March 23, 2010 @01:51PM (#31586566)
    By that measure then no need for Toyota to recall anything. You paid for the current version of the vehicle so they can just charge to fix your death trap. As long as its reasonable, labor, parts of course! I'm waiting for someone to set a legal precedent here. The day a software company becomes liable for negligence will forever change IT. I can see it happening at a hospital where access to vital information was lost and someone dies.
  • Re:Absurd! (Score:2, Interesting)

    by KharmaWidow ( 1504025 ) on Tuesday March 23, 2010 @09:15PM (#31592378)

    It has nothing to do with ethics! Ethics are subjective, as well.

    For it to be unethical, the company would have to release software knowing that the bugs or security holes exist *for the purpose of* selling a fix. As much as we like to hate big companies, I highly doubt that is the cast.

    No one with a sound or mature mind would believe that buying software these days is going to be without bugs or eventual security holes. Its *impossible* to make perfect software when the makers are unanimously imperfect.

    People are benefiting from the buggy software - otherwise they wouldn't use it at all. They need to compensate for that use.

    There are a multitude of issues to accommodate for - many of which are due to user error and failure of users adhere to specs or follow necessary procedures.

    Nor is it an issue of capitalism. If you just open your eyes and look around some of the most notable infamous people are are socialists or communists.

    I think people need to grow a pair... and acknowledge that if you want people to do stuff for you, you need to compensate them for it. Thinking you are entitled to free support, perpetually is living in a fantasy world.

"What the scientists have in their briefcases is terrifying." -- Nikita Khrushchev