Tangential And OT: Commercial Support For 'sudo'

Julian H. Stacey jhs at berklix.com
Fri Aug 24 22:40:19 UTC 2012


Hi,
Tim Daneliuk wrote:
> Please forgive the OTishness of this, but I'm hoping some of
> my fellows in the large data center space may have a hint or
> two here ...
> 
> I am working with a firm that needs to run sudo in a variety of
> OS environments.  A few of these - notably IBM AIX - do not provide
> vendor support and legal indemnification of many open source packages,
> sudo among them.  This is officially a Big Deal (tm) for this company.
> 
> So ... does anyone know of a commercial concern that provides sudo support
> and legal indemnification?  GratiSoft - the keeper of sudo - were apparently
> going to do this at one point but decided not to.

It wouldn't surprise me if no firm offered useful legal indemnification
with contract terms the lawyer of your firm would consider acceptable.

Why suppliers might not like to offer cover:
	How long is a piece of string ? Define what doors the string
	connects, contractually define routes & limits & values of
	potential consequential damage to data & service & 3rd parties.

	How much would lawyers & insurance brokers/suppliers push
	up the price for defining cover ?

	Reduced motivation to purchase cover anyway in realisation
	it's a grey area, eminently disputable, & come a big claim
	on insurer, he'd be looking for loopholes, so insuree (your
	firm) could end up suing insurer.

	Yet more lawyers & insurance fees; a profitable interesting
	relatively safe software supply business is different
	from the insurance business.

Some managers are clueless, first demand the impossible, don't get it,
then compromise without, & do business without:

	One customer demanded as standard, my welding certificate
	& insurance over a million Euros, I refused, offered I would
	stand on street & pass a floppy disk through their fence.
	It escalated to someone responsible, they abandoned their
	conditions & purchased.

	Several customers wanted me/my company to accept unlimited
	risk in event of copyright law suit (possible to research
	that risk, though still dangerous as even defending frivolous
	law suits can cost) and to cover risk of software patent
	litigation (impossible to know risks that lurk, no way!).

	I've always refused, but offered to help explore
	contacts in insurance business if customer Really wants to purchase
	own insurance. After Thinking, they've Always backed
	down, & decided that's Their business operating risk they
	should shoulder & not try to pass to others, as no
	one else is stupid enough to accept undefinable risk, except
	possibly at very heavy extra cost & debatable usefulness.

Even if a firm categorically demands insurance,
	- does not mean they will get it,
	- indicates some manager is clueless, foolish or deluded/aggressive,
	- shows the firm is a business risk, as it doesn't understand
	  associated business issues.

Every cloud has a silver lining.  An indemnity contract (if any
found) will have legal terms that purchaser's lawyer will need to
consult a computer professional about. The purchasing firm will end
up paying 2 professionals to define its risk, & probably decide to
skip it, & carry its own risk.

PS Another discussion forum to ask on: SAGE, System Administrators Guild

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
 Mail from Yahoo & Hotmail to be dumped @Berklix.  http://berklix.org/yahoo/


More information about the freebsd-questions mailing list