From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: * X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID, MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,4eb65fab6deaa097 X-Google-Attributes: gid103376,public From: Robert Dewar Subject: Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.) Date: 2000/04/26 Message-ID: <8e6upv$3au$1@nnrp1.deja.com>#1/1 X-Deja-AN: 615912888 References: <4eaJ4.23498$hh2.538870@news.flash.net> <8d4lpa$ffu$1@nnrp1.deja.com> <8d531v$vcr$1@nnrp1.deja.com> <8d57mo$4d9@chronicle.concentric.net> <390472E9.E0A17BC6@ftw.rsc.raytheon.com> <8e5hr4$imt$1@nnrp1.deja.com> <87wvll7a5h.fsf@think.mihalis.net> <39069B90.C9A74221@earthlink.net> <87ln212ghg.fsf@think.mihalis.net> X-Http-Proxy: 1.0 x25.deja.com:80 (Squid/1.1.22) for client 205.232.38.14 Organization: Deja.com - Before you buy. X-Article-Creation-Date: Wed Apr 26 14:34:40 2000 GMT X-MyDeja-Info: XMYDJUIDrobert_dewar Newsgroups: comp.lang.ada X-Http-User-Agent: Mozilla/4.61 [en] (OS/2; I) Date: 2000-04-26T00:00:00+00:00 List-Id: In article <87ln212ghg.fsf@think.mihalis.net>, Chris Morgan wrote: > Yeah, but simple corruption would normally cause either > tar or gunzip to fail. What I should have said, I > suppose, is it's not at all difficult to reliably > transmit the public versions to users and be assured the > right bits got there, e.g. if ACT had a public area on > their own ftp servers and published MD5 checksums. Of > course ACT may occasionally make a mistake and put the > wrong file up, even on their own servers, but in that > case the odds would be reasonable that they would also > make up a cd containing the mistake. The reason we do not provide the public version on our FTP site is that our FTP site is intended to serve SOLELY the needs of our commercial customers. The public versions as I have noted are NOT in any sense products of our company, and therefore do not belong on the company site. Note that the same is true of much free software, for instance the public versions of gcc are not distributed by Cygnus per se. > Fair enough. But if I download this new p version and > have a problem, it shouldn't be hard to verify my version. Well you wil have to find someone willing to provide the guarantees for that verification. Ada Core Technologies is not prepared to provide any guarantees here. > Well not having ever had an ACT CD, I have to presume they > transmit checksums with their CDs, in which case yes it's > more reliable, however I still heartily dislike the > implication that any users who > just picked up some > random bits called gnat somewhere on the net can't > are > not likely to have a valid version. I never said that they are not likely to have a valid version, just that Ada Core Technologies can provide no assurances that they *do* have a valid version. If you are comfortable with that situation and comfortable that you have a valid version, then that is a judgment for you to make for yourself. > Seeing as GNAT started off on DoD money to be a freely > available tool, and started off with NYU staff > dominating the development team, The entire development team were NYU employees (well except for Ed and I working in our sabbatical year to provide the features that DoD had refused to fund -- one of the deals to get this past fierce challenges from other Ada vendors was to try to cripple the product by failing to fund key features (subunits, fixed point ...) Other than that minor detail all development was by NYU employees. > If they can't reliably transmit a known version to me at > least most of the time via some ftp site such > as cs.nyu.edu something is wrong. There is a BIG difference. When we were at New York University, two things were different: 1. This was a university project, no one was providing any guarantees of anything at all, everything was on an as-is basis. The DoD contract contained no specific performance requirements (in fact DoD originally required validation, but this requirement was removed at the insistence of other Ada vendors). 2. When this was an NYU project, we did indeed control, or at least have some control over the use of the FTP site. Ada Core Technologies is not affiliated with New York University in any manner. We appreciate that NYU provides us some free resources (disk space) to hold public versions of GNAT, but once we upload stuff to NYU, the company has no control whatsoever over what happens. And we have even less control over stuff that other third parties upload. We certainly believe that NYU does a good job of maintaining its FTP site in a responsible manner, but we cannot guarantee that! At one point, the DoD was talking about providing some more permanent funding for supporting the public version of GNAT, but again, this was squelched because of concerns and complaints from other Ada vendors, and actually I really prefer it this way. Government subsidies of this kind are really not necessary nor desirable. Chris, if you are confident enough of what is out there, you could always provide others with guarantees of authenticity if you want! As I said earlier, the critical thing for me is for people to understand exactly what Ada Core Technologies products are, and what assurances and guarantees Ada Core Technologies makes about its products. This is important. If we were required to guarantee the authenticity of public releases and take legal responsibility for this guarantee, then we simply would not be able to make public releases at all, and that would be a loss. Robert Dewar Ada Core Technologies Sent via Deja.com http://www.deja.com/ Before you buy.