[Info-vax] vax vms licenses

Wed Apr 27 17:13:46 EDT 2022

On Wednesday, April 27, 2022 at 11:27:32 AM UTC+12, Dave Froble wrote:
> On 4/26/2022 5:48 PM, David Goodwin wrote: 
> > On Wednesday, April 27, 2022 at 7:11:54 AM UTC+12, Phillip Helbig (undress to reply) wrote: 
> >> In article <3a643f5c-5df8-4743... at googlegroups.com>, 
> >> David Goodwin <dgso... at gmail.com> writes: 
> >> 
> >>> But I don't see that happening. Too risky, too hard. And I suspect many 
> >>> OpenVMS users would rather see the platform go extinct than be 
> >>> open-sourced. 
> >> If VMS were open source, it wouldn't work. Many point out the 
> >> differences between VMS and other operating systems. One of them is 
> >> that if open source works for some, it doesn't necessarily work for all. 
> >> 
> >> The main problem is the lack of perpetual licenses. 
> > 
> > I don't see any sensible explanation for why having access to the source 
> > code is a bad thing or why it couldn't work for OpenVMS. If you're worried about 
> > some hidden security vulnerability then those exist whether the source is public 
> > or not. Closed source for security reasons is nothing more than quite a bad 
> > implementation of security through obscurity. 
> > 
> > Perpetual licenses only solve the problem in the short term. Regardless of what 
> > VSI does the customers they have today will over time leave (out of business, 
> > whatever OpenVMS was doing is no longer needed, etc). VSI needs to win new 
> > customers to replace those that leave. Perpetual licenses alone won't encourage 
> > *anyone* to switch from Linux. 
> > 
> > Closed source with perpetual licenses guarantees that one day it will no longer 
> > be possible to buy new licenses. It guarantees that one day security updates 
> > will no longer be available. It guarantees that one day when those hidden 
> > security vulnerabilities are discovered no one will be legally allowed to fix them. 
> >
> Ok, let's take a look at these claims ... 
> 
> What guarantees that one day it will no longer be possible to buy new licenses? 

Over time existing customers will leave. Either they go out of business, change the
sort of work they're doing, or whatever it it is their OpenVMS systems are doing is
simply no longer required. Some will probably even migrate to Linux because its
cheaper and easier to find people familiar with it.

Replacing customers who leave requires some how convincing a business to switch 
from some other vastly more popular and almost certainly significantly cheaper
platform.

If VSI doesn't replace every customer that leaves eventually they'll reach an unviable
number of customers and either move to doing something else or go out of business.

> What guarantees that one day security updates will no longer be available? 

The number of paying customers getting so low that its no longer a viable business
causing sales, support and maintenance to be discontinued. This already very nearly 
happened once with HPE. If the number of OpenVMS users continues to shrink it will 
eventually happen with VSI too.

> What guarantees that one day security vulnerabilities would not be legally fixable? 

Its a closed source operating system and the license most likely forbids reverse
engineering and modifying the code yourself. Illegal to patch the vulnerability yourself
if there is no vendor to pay for fixes.

> Please be specific in answering each of those questions. Frankly, I cannot 
> understand such guarantees.

Of course nothing in this world is guaranteed. Perhaps OpenVMS will be the exception
to the rule and it will still be available and maintained in a century. But I'm not entirely 
sure OpenVMS is in the same seemingly irreplaceable category as whatever IBM sells. 
If it were I don't think HPE would have tried to drop it.

To me it seems like unless something drastic changes OpenVMS will follow the same
path as so many other operating systems, just a few decades behind the others
because its been ported to new CPU architectures. There haven't been a lot of security
updates for Tru64 lately...