Asinine Move By MySQL

Apparently the folks at MySQL have decided to stop making the source code to the Enterprise version of their product publicly available.  Because MySQL Enterprise will still be released under the GPL they have to make the source available and their customers will be free to re-post the source code publicly.  So I am sure the code will still be made available to the public – just not from MySQL.

This seems to me to be a completely pointless move. The source code will still be available – but now people downloading the source code will have to get it from a non-MySQL source. This raises all sorts of authenticity issues. Perhaps they think that this will induce folks to buy the paid Enterprise version but I don’t think so. I think it just means that there will be all sorts of copies of the MySQL Enterprise sources running around creating confusion. Great work, MySQL.

And MySQL isn’t the only open source group making dodgy moves today.  The BitTorrent folks also decided to close the source of the “reference” implementation of their tool as well as make it harder to follow updates to the underlying protocol.

Perhaps these companies based on open source need to remember their roots.  Putting silly roadblocks in the way of the world of open source fans won’t stop them from getting what they want – it only invites a lot of wasted time and effort that could be otherwise focused on actually improving the projects.  This kind of reminds me of the Ruby On Rails security issues from about a year ago.  The RoR folks wouldn’t disclose what the problem was, but immediately after the security fixes were checked into the repository, people watching the repository looked at the diffs involved with the fixes and posted details.  Instead of disclosing the issue and freeing up time for developers to determine how to proceed with the rollout of the fixes, RoR essentially guaranteed that a bunch of time would be wasted reverse engineering obvious information.  Same thing here: the MySQL source and the BitTorrent protocol information will remain available, but now folks will have to waste time re-posting and reverse engineering.  Silly…

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.
