Firewall Wizards mailing list archives

Re: Gauntlet: source code anyone ?


From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 24 Mar 1999 23:13:41 +1100 (EST)

In some email I received from Steve George, sie wrote:
[...]
> This does make me laugh slightly, given that we will now have to pay for
> exactly the same thing that we purchase normally, just in a different
> state ie compiled.  No doubt we won't be purchasing the ability to
> actually DO anything with the code ie sell my 'altered' version of
> Gauntlet.  I now have to pay to have the option of checking if the FW is
> secure: and I won't even dignify the 'this keeps non-serious people
> away' with a reply.

So you've had access to it in the past, correct ?

How many bugs did you find when you checked the source for its
security then ?

What you've now got to ask yourself is will you actually do anything
useful with the source code, once purchased, given the nature of the
license that comes with it ?

As much as I like to have source code to play with, I don't have the
time to review the entirety of some other company's work.  How many
people read all the way through Linux before using it on a firewall,
even just their ip firewalling code ?

I think the argument about needing to have it available in case you
decide to examine it is a somewhat bogus argument.  

On the other hand, having source available so you can add personalised
hacks is always useful or when trying to write your own programs to
interface with something else.  But unless you intend on staying at the
same job for some time, adding personalised hacks can easily lead you
astray down the path of creating an unmaintainable system...from the
original hacktest questionnaire:

 0241 Is your job secure?
 0242 ... Do you have code to prove it?

...whether that's a professional attitude to take, I'll leave to you.

Darren


