Open-source enterprise software slinger Red Hat bravely reveals that IT bosses love open-source enterprise software

Red Hat, now a part of Big Blue, on Tuesday released its first annual survey on the State of Enterprise Open Source, a statistical snapshot of what IT leaders think about Linux, Kubernetes and the like. The upshot is entirely unsurprising, dare we say predictable, for a company that sells... open source software to enterprises …

  1. Giovani Tapini

    Security benefit and risk

    That sounds about right.

    Open source, particularly in bigger projects, can have far more visibility, testing and shorter remediation times. This is great, however, this is countered by do I trust those libraries maintained by a retired guy and his cat? Have all the relied-upon libraries been maintained? Who is looking out for poor quality or malicious code changes? If I find a problem with a library can I get someone to fix it or do I have to attempt to fix it myself?

    This is why enterprises go to Red Hat (or equivalents), and are generally not encouraging random code downloads of code stumbled across on the internet.

    Open source is a very flexible world, albeit with a common aim, so it's no wonder the answers look a bit conflicted.

    1. Pascal Monett Silver badge

      Re: do I trust those libraries maintained by a retired guy and his cat?

      No, you don't. And you don't download code in real time to a production server. You copy the library to your development environment, you review the code for any glaringly obvious catches, you test it extensively, and you put it into production when it's ready.

      If a new version of the library comes along, you start the process again.

      But you do not link production code to a server you do not control. That way only madness lies.

      1. Doctor Syntax Silver badge

        Re: do I trust those libraries maintained by a retired guy and his cat?

        At least it's easier to find which libraries these are. Just look for only two committers, one being the maintainer and the other being a cat.

        It's worth bearing in mind that if something hasn't had much change for a long time maybe it's not broke and doesn't need fixing while something that gets a good deal of change might be being broken on a regular basis and in permanent need of fixing.

        1. Paul Crawford Silver badge

          Re: do I trust those libraries maintained by a retired guy and his cat?

          It might not be "in permanent need of fixing" but simply subject to lots of application-breaking changes by folk who are using it for something not quite the same as yourself and/or care not for compatibility (or who don't mind fixing their own applications every couple of weeks).

          Either way it is also a bit of a warning that maybe you should think twice about using it.

      2. Tomato42

        Re: do I trust those libraries maintained by a retired guy and his cat?

        > If a new version of the library comes along, you start the process again.

        and yet it's not the way the majority of web applications are developed:

        https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

        > But you do not link production code to a server you do not control. That way only madness lies.

        oh, madness indeed. That does explain quite a few things...

      3. John Brown (no body) Silver badge

        Re: do I trust those libraries maintained by a retired guy and his cat?

        "But you do not link production code to a server you do not control. That way only madness lies."

        Unless you are a webdev...

    2. Paul Crawford Silver badge

      Re: Security benefit and risk

      At least you got your own copy of the code either way so (in theory at least) it can be fixed as needed. Not like some high profile software:

      https://www.theregister.co.uk/2018/01/16/microsoft_equation_editor_patched/

    3. Alistair

      Re: Security benefit and risk

      @Giovani:

      The old fart may be retired, but his cat wears a fedora.

    4. Jim Mitchell Silver badge

      Re: Security benefit and risk

      In some respects, "open source" is like candy from strangers or USB thumb drives found in the parking lot. Some caution and due diligence is required. Even if you think cats would make great software developers.

    5. avidal

      Re: Security benefit and risk

      These libraries are usually maintained by communities of people that peer review. Everybody is free to join.

      It's funny how you generalize calling all of it "those libraries maintained by a retired guy and his cat".

      Those libraries, my friend, made the internet what it is today from the bottom to the top. Otherwise you would be surfing your "enterprise grade" internet with the IE6 derivatives.

      So you don't trust the open nature of that,

      but you blindly trust Microsoft, Oracle, Amazon....

      You submit to them all your business insights all your customer data?

      You lock your business and clients to them so they will eventually suck the life out of them?

      You put it in schools and governments?

      .....

  2. Anonymous Coward

    Paying for free stuff.

    My current employer (and thus the anonymous post) is using Red Hat because "We need the support". The ONLY thing the "support" is ever useful for is ... licensing problems. Other than that, never got a useful answer out of them. And when we DO have licensing problems (which is often), we never get an "Enterprise Grade" response time.

    So ... we paid for free software to get help on the part that involved paying for the free software. And stopped us from using the free software until it was fixed. And it was fixed slowly. And we pay for this.

    And thus, when I see "EOS", I think "End Of Support". And when I hear "Enterprise Grade", I think "Crap no self-respecting small business owner, who cared more about results than having someone to blame, would ever base their company around".
