Re: open source PostgreSQL not supportable?
Date: Mon, 09 Jan 2006 18:42:41 -0500
Message-ID: <m3u0cdvuha.fsf_at_mobile.int.cbbrowne.com>
> Alexander Schreiber <als_at_usenet.thangorodrim.de> writes:
>
>> Add backdoors and things get even more interesting. One commercial
>> database (ISTR it was Interbase) shipped with a backdoor for years
>> that only got discovered (and removed) when the code finally went
>> Open Source.
>
> Quite true. It's a good thing the Sarbanes-Oxley statute (a
> U.S. law, not an international law, by the way) does not require
> companies to trust Oracle et al more than they trust their DBA.
> However, the statute does seem to leave it up to auditors to
> determine what constitutes appropriate controls. I'm curious as to
> what auditor told DA Morgan that he had to use a closed-source
> product that is supposed to be tamper-proof. KPMG hasn't told my
> employer anything like that.
Our auditors didn't tell us anything like that, either.
Perhaps someone is blowing smoke from their nether regions?
-- select 'cbbrowne' || '_at_' || 'cbbrowne.com'; http://cbbrowne.com/info/rdbms.html /Utopia-Bold 40 selectfont/n{moveto}def/p{gsave true charpath clip 72 400 n 300 -4 1{dup 160 300 3 -1 roll 0 360 arc 300 div 1 1 sethsbcolor fill}for grestore 0 -60 rmoveto}def 72 500 n(This signature has been)p (brought to you by the)p(letter Q and the number 42.)p(Chris Browne) p(chris_at_cbbrowne.com)p showpageReceived on Tue Jan 10 2006 - 00:42:41 CET