Summary of Open Source System Management Issues.ppt

* * * *

#2. Automation of OSS management in SW development – for consistency, re-use

NEED: Drive consistency and reuse across the development organization while ensuring compliance with corporate policy. The customer was doing multi-source development, but used manual processes to inventory, track, and validate use of approved code (source and binary). They wanted better control, tracking, and management, to ensure compliance with company policies, and to check for security vulnerabilities. They also needed a way to automatically check their code for export compliance regarding cryptographic code.

USE: Black Duck Suite to automate their code validation and compliance, ensure that only approved code is being used, and automatically check their code for cryptographic algorithms that may be subject to export regulation. The Black Duck catalog can be integrated with Subversion to ensure approved code is available for reuse.

Once automated by Black Duck, this customer reported benefits of a 20X speed-up of their processes, more extensive use of OSS, and better support of their Agile development process.

Can be used statically, at checkpoints in the development process: initial code acquisition; first check-in to Subversion; full scan at release time…

Or dynamically: attached to the build process to identify and validate binary artifacts before they are submitted to the (nightly) build, or the source of each artifact that is submitted to the build process. If the code complies, the process proceeds; if a compliance issue is found, it is flagged and routed for remediation.

*

This is an example of litigation caused by the use of open source software. It happened to the well-known company Cisco.

First, CyberTan is a software outsourcing company that wrote software for Broadcom. They took Linux code, customized it, and built it into a Broadcom chip. As everyone knows, Linux is licensed under the GPL. The GPL is an open source software license; it requires that software using GPL code not be used in commercially sold products, and if it is, the vendor must either release the full source code of its product for download, or recall the product or provide it free of charge. This chip was part of a Broadcom chipset, which was subsequently adopted by Linksys in the WRT54G wireless broadband router. In 2003, Cisco spent US$500 million to acquire Linksys. The Free Software Foundation (FSF) then sued Cisco for violating the GPL license agreement. Under pressure, Cisco released the full source code of the WRT54G.

This not only caused Cisco enormous losses; the further damage was that other people, by modifying Cisco's code, turned a low-end device into a high-function router, which undermined Cisco's wireless product sales strategy.

* *

Finding re-usable code to meet requirements Black Duck KB of open sour
