Re: Open Source Oracle?

Pete Finnigan <plsql_at_petefinnigan.com> wrote in message news:<nsFlhJBFkrRBRxpB_at_peterfinnigan.demon.co.uk>...
> Nice thought Howard,
>
> It would be very useful for security research as some parts of Oracle I
> am sure must be very similar or the same as now and certainly from the
> same source tree.
>
> We would get the TNS protocol, the password algorithm, the C source of
> all of the built in SQL and PL/SQL functions, the C source of wrapping
> mechanism, a look at the SQL and PL/SQL VM's, compilers, and op codes,
> machine code ect.... Just think how many buffer overflows would be found
> in security alert #69 if we had access now to the source.

Yes, the Open Source ideal is to find this stuff and _fix it._ Someone would have to play the Torvalds "Benificent Dictator" role, and I can't see tkyte having enough time to do that :)

>
> what about all the tuning guys who can finally see "exactly" how some
> features were implemented, extrapolating forwards to 8i, 9i and 10g
> would be easier.
>

That doesn't go far enough. Doesn't anyone remember what a PITA it was to grind through O7's idiosyncracies? Just look at, even now, how many posts here are like "stop thinking that way, this is Oracle, read the first three chapters of that book, and get a real DBA."

I don't think there is any canonical listing of all the bugs (certainly the published list is far from complete) and misfeatures (EPS_ENABLED [wuzzatwhatitwas?], anyone?), nor is there likely to be. It's probably too much to ask to have metalink not toss O7 notes.

> A lot of the security features are proprietary and not published so i
> cannot see Oracle ever giving away the source even old source.

I bet a lot of code might be just plain embarrassing, too :-)

>
> Now a licence free for any purpose version of 7 or 8 for Linux would be
> nice though.

Maybe, maybe not. I've seen enough "deferred maintenance" databases that the thought that such a thing could be legally countenanced is frightening. It is a _good thing_ that old versions are decremented. We can finally convince people to use LMT's, for goodness sake. There's a lot of baggage in O7. "What does 'unable to extend' mean?"

>
> kind regards
>
> Pete
>
> In article <414561a6$0$20578$afc38c87_at_news.optusnet.com.au>, Howard J.
> Rogers <hjr_at_dizwell.com> writes
> >I wish Oracle Corp. would release obsolete versions (7 and 8.0, for example)
> >as open source.
> >
> >Just because those versions don't have Java, XML and other whistles and
> >bells, it doesn't mean they wouldn't make a fine replacement for the MySQL
> >and Postgress stuff that usually gets included in all the normal Linux
> >distributions these days.
> >
> >Fat chance, of course.
> >
> >Just wishing and idly dreaming...

Just wake up before the nightmare part starts.

jg

--
@home.com is bogus.
Can't believe I'm debugging .BAT files.