Subject: Re: platform subscriptions as business model (RHAT 10-Q)
From: Tom Lord <>
Date: Sun, 23 Feb 2003 10:24:41 -0800 (PST)

       Tom Lord wrote:

       > I'll add that, as cold hearted capitalists, we should all be comparing
       > the cost of the most ridiculously cloak-and-dagger exploit against
       > the potential returns.

       Bjorn Reese:

       That is exactly what critical systems enterprises do. [....]
       The risks you mention are pretty much standard concerns.

       Furthermore, third-party components [... go] through extensive
       testing first. For example, testing periods of one or two years 
       are not unusual in the military. 

Yet one reads about releases that are less than one or two years old
being deployed in critical sectors.  Also: a large set of individually
non-critical systems on the Internet, all running the same platform,
all taking semi-automated updates from a single source, collectively
constitute a critical system.

Review happens, sure.   A recent example is:

but that certification doesn't appear to consider the update service:

    Administered by the Defense Information Systems Agency (DISA), the
    certification process tests applications for "look and feel as
    well as functionality," the ability to execute government custom
    code, and security and interoperability features.

and may thus create a false sense of security in customers who will
uncritically combine the platform with the update service:

    Yankee Group analyst Laura DiDio told NewsFactor that the COE
    validation is important for Linux because "if you're a corporate
    end user, you're going to say, 'Well, if it's good enough for the
    government, then it's going to be rugged enough, robust enough,
    secure enough, for me.'"

At the same time, update services serve a demonstrated need -- there's
apparently plenty of demand for them.

So I'm asking what I think is a pretty hard question:  what's a better
way to achieve the aim of update servers?   What's a good way to
reduce the risk?   Is it possible to do in a way that preserves the
very high margins?