[BBLISA] How would you address this?

stephen wadlow sgw at wadlow.net
Fri Feb 17 15:48:44 EST 2006


On Feb 17, 2006, at 3:21 PM, Michael Tiernan wrote:

> Vendor says:
> For security reasons, the license file must be in /opt/FOOFOO_license
> unless /opt is not on local disk. In that case, the license file will be
> placed in /var/adm/FOOFOO_license. This is not a bug.
>
> So, what logic do you throw back at them? I've run into this sort of
> thing before and I always end up being speechless because I can't
> believe someone would say such a thing.
>

I'd love to know why they think that this is more secure (or why  
alternatives are less secure) and why it's not a bug.

Does the program have to run as root?  That'll be a good indication
about how lazy they are, and how much they really care about security.

My response would be:   "My company does not allow outside  
organizations to dictate our systems administration standards and  
security policies without justification.   We are the customer in  
this situation.  What is your explanation for needing to change the
way we do things?"

And to support it from your side:  If all of the other licensed  
software that you use has the ability to let you choose to centrally
manage where and how you store your licenses, then you've got the  
power of a standardized system working for you.   If this
one package has inflexible requirements, then it will be the  
albatross in your environment, and will likely suffer for it.   Their  
inflexibility results in higher sysadmin costs on your end, and the  
increased likelihood of downtime, or generally being unavailable
due to not fitting nicely into your system.   So, it's a bad match  
for you, and bad PR for them.   That might be enough reason to
investigate alternatives.

					steve
