So … this happened.
Oracle has pulled it, probably because they know as stewards of F/LOSS projects inherited from their Sun buyout this is anathema.
If you’ve been thinking about MariaDB or PostgreSQL, you need to read this. Now.
So … this happened.
So … this happened.
Can you imagine the head of security of a floss project telling its users that they can’t make the software better ?
Me neither.
Nuff said.
This post confused me greatly. Let me try again. 🙂 🙂
In her blog yesterday, Mary Ann Davidson, security lead at Oracle, “clarified” Oracle’s policy on reporting security bugs discovered through reverse engineering. (The focus was on bugs found through decompilation and automated static analysis, but presumably the policy is general.) If you want to keep your Oracle license, you can’t reverse engineer the software they ship you: if you report a security bug discovered this way you will get a strongly-worded letter from an attorney with instructions to immediately delete all your work. Guess you should sell the bug to a blackhat instead (just kidding).
The blog post was pulled almost immediately, presumably because it’s kinda insane, but it’s still available thanks to the Wayback Machine at http://web.archive.org/web/20150811052336/https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t
If you were thinking about moving to +PostgreSQL or +MariaDB, now would be a good time to go there. (But really any time would be a good time.)
the fact those words made it to the end of the fingers makes one wonder about the mystery 10%