From: Eric Lease Morgan <emorgan@nd...> - 2003-12-22 13:54:29
<announcement type='self-promotion' apology='cross-posting'>
LITA's newest Regional Institute, "Open Source Software in
Libraries" will debut in San Diego. Participants in this
full-day hands-on institute will:
* learn skills enabling them to download and install
GNU software and Perl modules;
* create and download software from a CVS repository
for sharing code;
* evaluate open source software for usefulness and
* create and foster a community of developers and
* conduct usability studies to verify a computer

The presenter is Eric Lease Morgan, Head of the Digital
Access and Information Architecture Department at the
University Libraries of Notre Dame. One of Eric's more
recognized accomplishments is the development of a portal
application called MyLibrary. Recently he was awarded the
2002 Bowker/Ulrich's Serials Librarianship Award for his
serials work as well as MyLibrary.

For more information and to register, please visit:

Registration for ALA Midwinter is not required to attend this
Institute. Because of the hands-on nature of this session,
attendance is strictly limited to 30. Your place is not
reserved until payment is received.

<name>Eric Lease Morgan</name>
<institution>University Libraries of Notre Dame</institution>

I'm going to be giving a presentation on Open Source Software for
libraries at a local conference in February, and I've been told that one
of the issues librarians will be concerned about is how to assure that
patron records will be at least as private as they are on proprietary
library software. Related to that question is how secure Open Source
Software for libraries is if anyone can have access to the source code.
What has been your experience with these issues?

"We cannot direct the wind but we can adjust the sails."

From: Ed Summers <ehs@po...> - 2003-12-22 15:13:23
On Mon, Dec 22, 2003 at 06:29:58AM -0800, Denise Sharp wrote:
> Related to that question is how secure Open Source Software for libraries is
> if anyone can have access to the source code. What has been your experience
> with these issues?

The benefit that open source software has over closed source is that anyone
who is interested can take a look at the code, and decide for themselves
whether it is secure or not. If the product is popular then "many eyeballs"
are able to locate purposefully malicious code (backdoors), or just common
blunders that can be exploited, and the code can be modified.

In the closed source world you get security through obscurity: the code cannot
be seen, and so you simply have to trust that it is up to snuff. If you
suspect that there is a security flaw in the system, or have found one, you
have no way of fixing it yourself. You are at the whim of the vendor, and your
best bet is publicizing the flaw in a venue such as bugtraq.

Here are a few interesting online pieces about open source software and