[GRASS-dev] Re: [GRASS-user] Referencias de GRASS 6.3.0 nativo para MS-Windows

Mon Feb 9 11:17:53 EST 2009

Hamish,

I agree with all you've said here. Perhaps a 'certified malware free'  
notice is ludicrous and your suggestions for positive PR certainly  
good. I just don't want to see OSS follow the lead of current product  
labeling (e.g., admonishments not to use an iron while in the  
bathtub). We want to be honest in both directions. The GPL license  
that we always distribute (and indeed must distribute) contains a  
healthy dose of disclaimer and is even quite readable, compared with  
the legal fine print that accompanies most commercial software.

Michael

On Feb 9, 2009, at 12:32 AM, Hamish wrote:

>
> Michael:
>> I also want to note that while a multi-package over-the-internet
>> installer is perfectly normal in the Linux world, it is not the
>> norm either for Mac or Windows.
>
> (point them to background automatic software updates)
> I guess Cygwin & Fink examples don't count :)
>
>> In fact, in many settings it can be a problem. For situations in
>> which there is an IT division that maintains multiple computers,
>> this kind of installer can prevent users from getting the software.
>
> down here bandwidth is slow and expensive so we prefer to maintain
> local software repositories for multiple installs in the computer
> labs. also net installs often have problems with password protected
> proxy servers (bandwidth is seriously locked down here).
>
>> This means that end-users (who do not have permissions to install
>> software on their own machines) simply will not get GRASS or other
>> OSGEO packages.
>
> see also the OSGeo live-disc project (live Linux boot from CD),
> and Portable GIS project (zero-install GIS on a USB stick on MS Win):
>  http://www.archaeogeek.com/blog/portable-gis/
>
> both ways entirely zero-install / footprint.
>
>> However, all software at the museum is installed by the city IT
>> department, and ONLY by the city IT department.
>
> I wish you luck.
>
>> They are wary of open source software because
>
> fear of the unknown.
>
>> Along these lines, it might be worth thinking about a bit of a
>> different model for open source disclaimers. They generally say if
>> prominent type that 'hey, you're on your own with this; we're not
>> responsible for anything'.
>
> This is for legal & license purposes, not simply misguided marketing.
>
> Term 1 of the GPL reads:
> ----=----
>  1. You may copy and distribute verbatim copies of the Program's
> source code as you receive it, in any medium, provided that you
> conspicuously and appropriately publish on each copy an appropriate
> copyright notice and disclaimer of warranty; keep intact all the
> notices that refer to this License and to the absence of any warranty;
> and give any other recipients of the Program a copy of this License
> along with the Program.
>
> You may charge a fee for the physical act of transferring a copy, and
> you may at your option offer warranty protection in exchange for a  
> fee.
> ----=----
>
>
>> Overall, my experience with major open source packages is that they
>> are at least as safe and unproblematic as commercial packages--and
>> sometimes considerably better.
>
> Indeed, when hunting for MS Windows software I find myself  
> automatically
> adding "GPL" to the search engine terms to (hopefully) find some  
> utility
> that isn't useless bait&switch-ware. grumble grumble, yay Debian.
>
>
>> But the wording of our disclaimers, while more realistic perhaps, can
>> put off IT managers.
>>
>> We don't want to make unreasonable claims, but perhaps should think
>> more about how we word things so as to be less discouraging to
>> potential new users and IT managers.
>
> ok, Open Source can use with better advertising. No argument there.
> This is Bruce Parens's "sell it on the business case, not the  
> politics"
> angle.
>
>
>> some kind of a 'certified malware free' sticker
>
> talk is very, very, cheap. I would hope :-/ that sort of claim would  
> be
> completely ignored by any competent reviewer. I've gotten enough  
> "Trust Me!"
> spam emails that I generally take those to be an automatic sign that  
> the
> thing is a scam. IMO a professional looking product A-Z is more  
> important
> than a "Trust Me!" badge.
>
>
> We can emphasize:
>
> - many big institutions use & have contributed code (the USACE, the  
> NOAAs,
>  NASAs, University of abc, def, and ghi, Lockheed Martins, etc..)
>  [safety in numbers; in good company]
>
> - that this software is mostly written by professionals & experts  
> (in our
>  respective fields) and not by complete randoms;
>  [respect of peers, people with real-world reputations to protect;
>   more advanced/cutting edge/latest code straight from the authors]
>
> - that our membership in the OSGeo Foundation requires us to have  
> published
>  policy in place locking down access to our source code and to have a
>  clear and stringent method of granting new committers access;
>  [verifiable audit trail]
>
> - that the internals are open to inspection (and this is the kind of
>  software which customizers will actually inspect on a regular basis);
>  [if you still don't trust us, look around, be our guest...]
>
> - if you don't trust the packagers, everything thing is there to build
>  your own binary.
>  [probably prudent to do that anyway]
>
>
> see also paraview.org's website
>
>
> 2c,
> Hamish
>
>
>
>
>