2008-05-11

Rant: Open Source is not secure

If you don't know, I have a job. Now, my boss has problems with open source software. He says that because its source is available - everyone knows how to hack it. In other words - my boss thinks that all open source software has security issues.

Normally, I couldn't care less what my boss thinks about it. However, due to his trust issues, programmers have productivity issues. Imagine that! Well, let me explain...

Currently, the best version control system in the world is Subversion. It's an open source version control system. As explained in the Subversion Book - Subversion uses the copy-modify-merge model. It's a great model, because there are no locked files, ever! Sure, you sometimes need to manually merge your changes, but that doesn't happen very often. Even when it does happen - there are wonderful tools to help you, like TortoiseMerge (part of TortoiseSVN). So it's not really a time waster.

Now, as I said - Subversion is open source. My boss doesn't like it, obviously. He thinks that if we used it - someone could hack into our code repository. So, the boss is forcing us to use SourceGear Vault. Now, the problem with it is that it uses the lock-modify-unlock model. The problem with this model, especially in our case, is that it locks every file automatically when you start editing it. Now, that operation usually takes from 10 to 20 seconds. Imagine that - you open a file, you just want to add a few lines of code, you navigate to the right place, hit ENTER to start adding new code and Visual Studio hangs for about 12 seconds... And that happens each time you open a new file to edit. It isn't the only problem with Vault, but it certainly is the most annoying one. Another issue worth mentioning is that Vault's documentation is very incomplete and doesn't cover some important topics.

Now, what do I do? How do I convince my boss that open source can be just as safe as closed source, commercial projects? I thought about that and frankly - I have no idea...

Maybe I should show him the testimonials on the Subversion project page. I should also tell him about the certified Subversion binaries, available from CollabNet. Pointing him to Subversion Access Control from WANdisco might also help.

I don't know, I guess, the moral of my post is this: if you have a software company, be careful with your opinion, don't be religious about anything - it might be the one biggest thing slowing down your developers.

Edit: I forgot to write about the other, closed source alternative to Subversion that is just as nice (or so I've heard). I'm talking about Perforce. From what I have found on the web - Perforce might even be better than Subversion in some aspects. My boss should like it, because it's not open source. Well, if I fail to convince my boss to switch to Subversion, I'll suggest Perforce.

1 comment:

Ashish said...

I am relatively new to Open Source. But recently, I have been migrating from Windows to Linux and I must say that it's awful using Linux (Kubuntu 7.04). I think normal users don't like to use Linux, because there is an established belief that Linux is about bad interface and so on... Well, I have just configured my desktop look and I must say, it's better than XP.
What I like about Linux is that there is lots of open source software available and of course it is reliable.