Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Paul Makepeace]

>I was just going to ask if any DoD/govt projects ever used GNAT.  It seems
to
>me that GNAT (and gcc in general) are way better than many commercial
>equivalents (plus you get the source code:) but AFAIK, none of the
"official"
>projects here at VAFB have ever used any GNU or open source development
tools
>(if they have, they've kept quiet about it).
>
>Can you provide more examples?


See the following site:

http://www.mitre.org/support/swee/html/39_devine/index.htm

then click on "Lack of Mature Tools".

According to the website, both GNAT and AONIX have been used for this NATO
project.

Paul

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Ted Dennison]

In article <4eaJ4.23498$hh2.538870@news.flash.net>,
  "Ken Garlington" <Ken.Garlington@computer.org> wrote:
> http://www.ghs.com/html/press/20/200407j.html

Interestingly enough, GreenHills is also the Ada compiler for the
simulator for the Joint Primary Aircraft Traing System. I guess if
you're working on a "Joint", GreenHills is the compiler for you. :-)

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Ted Dennison]

In article <38F60576.58C6D4E5@quadruscorp.com>,
  "Marin D. Condic" <mcondic-nospam@quadruscorp.com> wrote:
> The article says that there is a C/C++ component to the product. Do
> you know if/how much/what parts of the JSF software they plan on using
> C/C++?

There's a C/C++ component to GreenHills AdaMulti. I'm not sure the
article says those components are being used (or even purchased) for the
JSF project. If they aren't it would be a bit odd to have mentioned it.
But then again, this *was* a press release from Green Hills. They may
just be anxious to name-drop every product they have. :-)

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Robert Dewar]

In article <8d4lpa$ffu$1@nnrp1.deja.com>,
  Ted Dennison <dennison@telepath.com> wrote:

> Interestingly enough, GreenHills is also the Ada compiler for
> the simulator for the Joint Primary Aircraft Traing System. I
> guess if you're working on a "Joint", GreenHills is the
> compiler for you. :-)

Don't be too quick to jump to conclusions. The JSF project is
a large one involving many subprojects. Several important
components are using GNAT, and it would surprise me if there
were not other components using Rational and other Ada 95
compilers.

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Steve Arnold]

In article <8d531v$vcr$1@nnrp1.deja.com>, Robert Dewar <dewar@gnat.com> wrote:
>In article <8d4lpa$ffu$1@nnrp1.deja.com>,
>  Ted Dennison <dennison@telepath.com> wrote:
>
>> Interestingly enough, GreenHills is also the Ada compiler for
>> the simulator for the Joint Primary Aircraft Traing System. I
>> guess if you're working on a "Joint", GreenHills is the
>> compiler for you. :-)
>
>Don't be too quick to jump to conclusions. The JSF project is
>a large one involving many subprojects. Several important
>components are using GNAT, and it would surprise me if there
>were not other components using Rational and other Ada 95
>compilers.

I was just going to ask if any DoD/govt projects ever used GNAT.  It seems to 
me that GNAT (and gcc in general) are way better than many commercial 
equivalents (plus you get the source code:) but AFAIK, none of the "official" 
projects here at VAFB have ever used any GNU or open source development tools 
(if they have, they've kept quiet about it).

Can you provide more examples?

Steve

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Ted Dennison]

In article <8d531v$vcr$1@nnrp1.deja.com>,
  Robert Dewar <dewar@gnat.com> wrote:
> In article <8d4lpa$ffu$1@nnrp1.deja.com>,
>   Ted Dennison <dennison@telepath.com> wrote:
>
> > Interestingly enough, GreenHills is also the Ada compiler for
> > the simulator for the Joint Primary Aircraft Traing System. I
> > guess if you're working on a "Joint", GreenHills is the
> > compiler for you. :-)
>
> Don't be too quick to jump to conclusions. The JSF project is
> a large one involving many subprojects. Several important
> components are using GNAT, and it would surprise me if there
> were not other components using Rational and other Ada 95
> compilers.

Well...yes. I was just making a (lame) joke.

There's also a whole other company working on JSF at the moment, if the
press release is to be believed. I'm curious if that other company is
even using Ada at all.

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.

Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Ken Garlington]

http://www.ghs.com/html/press/20/200407j.html

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[Marin D. Condic]

Ken Garlington wrote:
> 
> http://www.ghs.com/html/press/20/200407j.html

Before I left Pratt, I know we were seriously looking at the Aonix
compiler for the JSF engine control. (I think we took it for one of the
commercial engines.) Don't know where that stands now.

The article says that there is a C/C++ component to the product. Do you
know if/how much/what parts of the JSF software they plan on using
C/C++?

MDC
-- 
======================================================================
Marin David Condic - Quadrus Corporation - http://www.quadruscorp.com/
Send Replies To: m c o n d i c @ q u a d r u s c o r p . c o m
Visit my web site at:  http://www.mcondic.com/

"I'd trade it all for just a little more"
    --  Charles Montgomery Burns, [4F10]
======================================================================

Re: Lockheed Martin Chooses Green Hills Ada for Joint Strike Fighter

[David Gillon]

Ted Dennison wrote:

> There's also a whole other company working on JSF at the moment, if the
> press release is to be believed. I'm curious if that other company is
> even using Ada at all.

LockMart are building the X-35A and B, Boeing the X-32A and B (A =
conventional takeoff and landing, B = Short Takeoff and Vertical
Landing). It's reasonably safe to bet large portions of both aircraft's
systems are in Ada.  

The fly-off should start mid-year IIRC, based on the result of that
they'll downselect in 2001 to a single design concept to be developed
into an operational aircraft due into service around 2010.

-- 

David Gillon

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Wes Groleau]

> 
> See the following site:
> 
> http://www.mitre.org/support/swee/html/39_devine/index.htm
> 
> then click on "Lack of Mature Tools".
> 
> According to the website, both GNAT and AONIX have been used for this NATO
> project.

The page cited mentions defects in both GNAT and Aonix.  In the
interest of fairness: this project (NABK) also found a serious
defect in code generation for protected calls in Apex.
(However, Rational found the product the same time NABK did,
so a patch was available within two days.)


-- 
Wes Groleau
http://freepages.genealogy.rootsweb.com/~wgroleau

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <390472E9.E0A17BC6@ftw.rsc.raytheon.com>,
> Wes Groleau <wwgrol@ftw.rsc.raytheon.com> wrote:
> The page cited mentions defects in both GNAT and Aonix.  In
> th interest of fairness: this project (NABK) also found a
> serious defect in code generation for protected calls in Apex.
> (However, Rational found the product the same time NABK did,
> so a patch was available within two days.)

Actually, as far as I can tell, this project did not make use
of the commercial version of GNAT, but used some unsupported
public version obtained somewhere from the net (and certainly
not from Ada Core Technologies). Yes, among the technologies
mentioned on the slides, it mentions that GNAT is the most
stable, but still this is NOT the commercial version of GNAT.
In fact we can't even be sure that it is the same bits that
we originally placed there. The advantage of freely available
software on the net is precisely that, it is freely available,
but the downside is you can never be sure exactly what you
are getting.

Actually we can't even be sure there were any defects in any
of the compilers. Our experience is that frequently people
think there are problems in GNAT, and instead it turns out
to be problems in their understanding of Ada 95, or unexpected
portability errors. For example, users have many times
complained that GNAT gets Natural'Size wrong (everyone knows
it should be 32 right :-). Of course there may have very well
been real bugs, but it's hard to tell. Given that they had
no support for the use of GNAT, it is not clear to whom they
could turn to understand what they observed.

This is perhaps a good opportunity to remind people that
although the widely available public version
of GNAT is very useful for student and research use, if you
are evaluating GNAT for use in a commercial project, and
particularly if you are evaluating it in comparison with
other commercial Ada compilers, then it is advisable to
contact Ada Core Technologies. Like any other commercial
Ada vendor, we can provide evaluation copies of the latest
version of our technology, GNAT Professional, and you can
then evaluate this with our support and help. For further
information, contact sales@gnat.com or sales@act-europe.fr.
This is not just a matter of "the interests of fairness", but
in our experience a huge time saver. Support is particularly
useful when you are first encountering a new technology!

I apologize if this is a bit too commercial of a message, but
in the case of GNAT, people often do not have a clear
understanding of the relationship of the public version
and the commercial version of GNAT.

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan]

Robert Dewar <dewar@gnat.com> writes:

> Actually, as far as I can tell, this project did not make use of the
> commercial version of GNAT, but used some unsupported public version
> obtained somewhere from the net (and certainly not from Ada Core
> Technologies). Yes, among the technologies mentioned on the slides,
> it mentions that GNAT is the most stable, but still this is NOT the
> commercial version of GNAT.  In fact we can't even be sure that it
> is the same bits that we originally placed there. The advantage of
> freely available software on the net is precisely that, it is freely
> available, but

You seem to be trying to scare people off using the public version
even if they do not need support because you "can't even be sure that
it is the same bits" you "originally placed there". I think you can,
and also, in particular, I find the following statement to be
misleading :

>the downside is you can never be sure exactly what you are getting.

Are you really suggesting that if I see an announcement of a new
public release of gnat on comp.lang.ada and I then download a file
with that version number from cs.nyu.edu in /pub/gnat that it may
somehow be corrupted? The wrong file? Altered by random strangers?
This seems like a surprising claim to me. I'll bet you (i.e. ACT) can
be pretty sure that those bits correspond exactly to the ACT build of
that public version just with a sum(1). If you published checksums on
www.gnat.com everybody else could be fairly sure as well, no matter
where they actually downloaded the file from. Better checks are also
easily provided (e.g. MD5) as seen on many other open source or free
software projects.

Not doing that is perfectly fine, but claiming the resultant lack of
verifiability leads to authenticity problems seems very weaselly to
me.

The value I found in having an ACT support contract pretty much
started flowing after I got the bits myself and installed them.

Sorry ;^)

Chris

-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert I. Eachus]

Chris Morgan wrote:
 
> Are you really suggesting that if I see an announcement of a new
> public release of gnat on comp.lang.ada and I then download a file
> with that version number from cs.nyu.edu in /pub/gnat that it may
> somehow be corrupted? The wrong file? Altered by random strangers?

    I believe that the right answers are: several times, happened at
least once, and has not happened yet--at least on cs.nyu.edu.  There are
many different  versions of each new gnat release that can be found on
cs.nyu.edu.  There have been uploading problems on several occasions
resulting in corrupted files, and at least once the wrong version of a
binary was uploaded.  Note also that not all of the versions available
from cs.nyu.edu are created by ACT and so ACT as such has no way to
guarentee conformance for such versions.

    Having said all that--and RBKD or someone else can provide the gory
details--GNAT is probably at least as reliable and robust as Netscape or
other products you can download over the net.  But if you see the
announcement of a new "p" release and download it immediately, there
will be times when you will have to go back for the correct version.  So
yes, Robert is implying that those things can happen and that ACT cannot
be responsible--among other things, it is not their server.

> This seems like a surprising claim to me. I'll bet you (i.e. ACT) can
> be pretty sure that those bits correspond exactly to the ACT build of
> that public version just with a sum(1). If you published checksums on
> www.gnat.com everybody else could be fairly sure as well, no matter
> where they actually downloaded the file from. Better checks are also
> easily provided (e.g. MD5) as seen on many other open source or free
> software projects.
> 
> Not doing that is perfectly fine, but claiming the resultant lack of
> verifiability leads to authenticity problems seems very weaselly to
> me.

      I don't think any weaseling was intended.  MD5 checksums would
probably be a good idea, but the archive formats do include checksums
that detect truncated or corrupted files.  When I am concerned about
someone maliciously modifying software, however, I much prefer CD as a
delivery media.   After installing, you should checksum not just the
compiler, but the entire directory hierarchy.  There are tools to do
this.  Such tools in fact are included in the DII COE, and in GCCS their
use is mandatory.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <87wvll7a5h.fsf@think.mihalis.net>,
  Chris Morgan <cm@mihalis.net> wrote:
> Are you really suggesting that if I see an announcement of a
new
> public release of gnat on comp.lang.ada and I then download a
file
> with that version number from cs.nyu.edu in /pub/gnat that it
may
> somehow be corrupted? The wrong file? Altered by random
strangers?

Probably not. The point I am making is that Ada Core
Technologies provides no kind of guarantees of any kind.
We have definitely seen cases where releases have been
altered (e.g. by omitting documentation). If you are
comfortable with taking responsibility yourself for this
possibility, then that's your decision.

> This seems like a surprising claim to me. I'll bet you (i.e.
> ACT) can be pretty sure that those bits correspond exactly to
> the ACT build of that public version just with a sum(1).

I would not be willing to make that statement, given that we
have seen counter examples. Also people often do not clearly
realize what Ada Core Technologies provides and what other
volunteers provide. We still get bug reports (and even angry
complaints sometimes) from users of the DOS version for example
even though that has nothing whatsoever to do with us.

> If you published checksums on
> www.gnat.com everybody else could be fairly sure as well, no
matter
> where they actually downloaded the file from. Better checks
are also
> easily provided (e.g. MD5) as seen on many other open source
or free
> software projects.

We don't publish such material, because this would make it
even more suggestive that we are taking responsibility for the
integrity of stuff on the net over which we have no control.

> Not doing that is perfectly fine, but claiming the resultant
> lack of verifiability leads to authenticity problems seems
> very weaselly to me.

Well as I say, if you are comfortable using unsupported bits
and taking responsibility yourself for authenticity, then you
do not have a problem. My point was just to make it clear to
people that if they follow this route, they are taking
responsibility for these issues.

> The value I found in having an ACT support contract pretty
> much started flowing after I got the bits myself and installed
> them.

Not quite sure what the above sentence means, but in any case
to repeat the point I am making, most organizations prefer to
use supported commercial software. If that is the case in your
organization and you are interested in using GNAT, then you
should evaluate GNAT Professional on the same basis as any
other commercial Ada technology.

If your organization is comfortable using unsupported software
and taking responsibility for obtaining a version of GNAT that
meets your needs, then that's fine with us, just so long as
you realize that we make no guarantees in this case. Indeed,
the classical Free Software disclaimer definitely applies
in this case:

11.  BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE
IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE
COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12.  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED
TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY
WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED
ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF
THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH
HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

I reemphasize that Ada Core Technologies has no objections
to you using the public version of GNAT for any purpose you
like. We only recommend the use of the public version for
educational and research purposes, because we don't recommend
the use of unsupported software (certainly that's our own
internal policy at Ada Core Technologies).

The only issue here is that everyone is clear. We very often
get people who are quite confused on this issue. Back in
September, I had a "Y2K Compliance Officer" from some
organization literally screaming at me because we refused
to give Y2K certification for the public version

   "WELL WHO CAN GIVE THIS CERTIFICATION THEN?"

   "no one that I know of."

   "WELL THIS IS AN ACT PRODUCT RIGHT?"

   "no, that's incorrect"

More interchange, getting nowhere, and no doubt he ended up
deciding that Ada Core Technologies did not stand behind
its products :-)

Ada Core Technologies is committed to continued releasing
of public versions of GNAT, including full easily installable
binary releases. But these public products are NOT products
of our company, merely something we make available on an
as-is basis for those who can make use of unsupported software.

Robert Dewar
Ada Core Technologies




Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan]

"Robert I. Eachus" <rieachus@earthlink.net> writes:

> Chris Morgan wrote:
>  
> > Are you really suggesting that if I see an announcement of a new
> > public release of gnat on comp.lang.ada and I then download a file
> > with that version number from cs.nyu.edu in /pub/gnat that it may
> > somehow be corrupted? The wrong file? Altered by random strangers?
> 
>     I believe that the right answers are: several times, happened at
> least once, and has not happened yet--at least on cs.nyu.edu.  There are
> many different  versions of each new gnat release that can be found on
> cs.nyu.edu.  There have been uploading problems on several occasions
> resulting in corrupted files, and at least once the wrong version of a
> binary was uploaded.  Note also that not all of the versions available
> from cs.nyu.edu are created by ACT and so ACT as such has no way to
> guarentee conformance for such versions.

Yeah, but simple corruption would normally cause either tar or gunzip
to fail. What I should have said, I suppose, is it's not at all
difficult to reliably transmit the public versions to users and be
assured the right bits got there, e.g. if ACT had a public area on
their own ftp servers and published MD5 checksums. Of course ACT may
occasionally make a mistake and put the wrong file up, even on their
own servers, but in that case the odds would be reasonable that they
would also make up a cd containing the mistake.

> 
>     Having said all that--and RBKD or someone else can provide the gory
> details--GNAT is probably at least as reliable and robust as Netscape or
> other products you can download over the net.  But if you see the
> announcement of a new "p" release and download it immediately, there
> will be times when you will have to go back for the correct version.  So
> yes, Robert is implying that those things can happen and that ACT cannot
> be responsible--among other things, it is not their server.

Fair enough. But if I download this new p version and have a problem,
it shouldn't be hard to verify my version.

>       I don't think any weaseling was intended.  MD5 checksums would
> probably be a good idea, but the archive formats do include checksums
> that detect truncated or corrupted files.  When I am concerned about
> someone maliciously modifying software, however, I much prefer CD as a
> delivery media.   After installing, you should checksum not just the
> compiler, but the entire directory hierarchy.  There are tools to do
> this.  Such tools in fact are included in the DII COE, and in GCCS their
> use is mandatory.

Well not having ever had an ACT CD, I have to presume they transmit
checksums with their CDs, in which case yes it's more reliable,
however I still heartily dislike the implication that any users who
just picked up some random bits called gnat somewhere on the net can't
are not likely to have a valid version. Seeing as GNAT started off on
DoD money to be a freely available tool, and started off with NYU
staff dominating the development team, if they can't reliably transmit
a known version to me at least most of the time via some ftp site such
as cs.nyu.edu something is wrong.

-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net
    "O gummier hum warder buffer-lore rum 
     Enter dare enter envelopes ply"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <87ln212ghg.fsf@think.mihalis.net>,
  Chris Morgan <cm@mihalis.net> wrote:

> Yeah, but simple corruption would normally cause either
> tar or gunzip to fail.  What I should have said, I
> suppose, is it's not at all difficult to reliably
> transmit the public versions to users and be assured the
> right bits got there, e.g.  if ACT had a public area on
> their own ftp servers and published MD5 checksums.  Of
> course ACT may occasionally make a mistake and put the
> wrong file up, even on their own servers, but in that
> case the odds would be reasonable that they would also
> make up a cd containing the mistake.

The reason we do not provide the public version on our FTP
site is that our FTP site is intended to serve SOLELY the
needs of our commercial customers.  The public versions as I
have noted are NOT in any sense products of our company, and
therefore do not belong on the company site.  Note that the
same is true of much free software, for instance the public
versions of gcc are not distributed by Cygnus per se.

> Fair enough.  But if I download this new p version and
> have a problem, it shouldn't be hard to verify my version.

Well you wil have to find someone willing to provide the
guarantees for that verification.  Ada Core Technologies is
not prepared to provide any guarantees here.

> Well not having ever had an ACT CD, I have to presume they
> transmit checksums with their CDs, in which case yes it's
> more reliable, however I still heartily dislike the
> implication that any users who > just picked up some
> random bits called gnat somewhere on the net can't > are
> not likely to have a valid version.

I never said that they are not likely to have a valid
version, just that Ada Core Technologies can provide no
assurances that they *do* have a valid version. If you
are comfortable with that situation and comfortable that
you have a valid version, then that is a judgment for you
to make for yourself.

> Seeing as GNAT started off on DoD money to be a freely
> available tool, and started off with NYU staff
> dominating the development team,

The entire development team were NYU employees (well
except for Ed and I working in our sabbatical year to
provide the features that DoD had refused to fund --
one of the deals to get this past fierce challenges
from other Ada vendors was to try to cripple the product
by failing to fund key features (subunits, fixed point ...)
Other than that minor detail all development was by
NYU employees.

> If they can't reliably transmit a known version to me at
> least most of the time via some ftp
site such > as cs.nyu.edu something is wrong.

There is a BIG difference.  When we were at New York
University, two things were different:

1. This was a university project, no one was providing any
guarantees of anything at all, everything was on an as-is
basis.  The DoD contract contained no specific performance
requirements (in fact DoD originally required validation,
but this requirement was removed at the insistence of other
Ada vendors).

2. When this was an NYU project, we did indeed control, or
at least have some control over the use of the FTP site.
Ada Core Technologies is not affiliated with New York
University in any manner.  We appreciate that NYU provides
us some free resources (disk space) to hold public versions
of GNAT, but once we upload stuff to NYU, the company has no
control whatsoever over what happens.  And we have even less
control over stuff that other third parties upload.  We
certainly believe that NYU does a good job of maintaining
its FTP site in a responsible manner, but we cannot
guarantee that!

At one point, the DoD was talking about providing some
more permanent funding for supporting the public version
of GNAT, but again, this was squelched because of concerns
and complaints from other Ada vendors, and actually I
really prefer it this way. Government subsidies of this
kind are really not necessary nor desirable.

Chris, if you are confident enough of what is out there, you
could always provide others with guarantees of authenticity
if you want!

As I said earlier, the critical thing for me is for people
to understand exactly what Ada Core Technologies products
are, and what assurances and guarantees Ada Core
Technologies makes about its products. This is important.
If we were required to guarantee the authenticity of public
releases and take legal responsibility for this guarantee,
then we simply would not be able to make public releases at
all, and that would be a loss.

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Ted Dennison]

Robert Dewar wrote:

> like. We only recommend the use of the public version for
> educational and research purposes, because we don't recommend
> the use of unsupported software (certainly that's our own
> internal policy at Ada Core Technologies).

So you only use versions of tar and gzip for win32 that are supplied in
the commercial Cygwin package sold by RedHat? Do you only use it on its
one officially supported platform (NT service pack 3)?

--
T.E.D.

Home - mailto:dennison@telepath.com  Work - mailto:dennison@ssd.fsi.com
WWW  - http://www.telepath.com/dennison/Ted/TED.html  ICQ  - 10545591

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Larry Kilgallen]

In article <8e6upv$3au$1@nnrp1.deja.com>, Robert Dewar <robert_dewar@my-deja.com> writes:
> In article <87ln212ghg.fsf@think.mihalis.net>,
>   Chris Morgan <cm@mihalis.net> wrote:

>> Fair enough.  But if I download this new p version and
>> have a problem, it shouldn't be hard to verify my version.
> 
> Well you wil have to find someone willing to provide the
> guarantees for that verification.  Ada Core Technologies is
> not prepared to provide any guarantees here.

And what constitutes "verification" ?

One test might be whether it matches what everybody else has.
With a little effort, Chris or somebody similarly motivated
could set up a service where everybody submitted _their_
MD5 hash of the such-and-such package and learned whether
it matched the MD5 hash others had submitted.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[David Starner]

On Wed, 26 Apr 2000 14:34:40 GMT, Robert Dewar <robert_dewar@my-deja.com> wrote:
>The reason we do not provide the public version on our FTP
>site is that our FTP site is intended to serve SOLELY the
>needs of our commercial customers.  The public versions as I
>have noted are NOT in any sense products of our company, and
>therefore do not belong on the company site.  Note that the
>same is true of much free software, for instance the public
>versions of gcc are not distributed by Cygnus per se.

Um, gcc.gnu.org = egcs.cygnus.com, and that server certainly hosts
an FTP site for the releases and snapshots, and a CVS server with the
latest gcc. 

-- 
David Starner - dstarner98@aasaa.ofe.org

The hell that is supposedly out there could be no worse than
the hell that is sometimes seen in here.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[tmoran]

>I'll bet you (i.e.  ACT) can be pretty sure that those bits correspond
>exactly to the ACT build of that public version just with a sum(1).
>If you published checksums on ...
  Even if the bits on disk at NYU were guaranteed, ie, ACT agreed to
pay money to anyone who downloaded them for free and then discovered
they weren't correct, how many people have certified download and
unpack (eg pkunzip) software?

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert I. Eachus]

Chris Morgan wrote:
 
> Yeah, but simple corruption would normally cause either tar or gunzip
> to fail. What I should have said, I suppose, is it's not at all
> difficult to reliably transmit the public versions to users and be
> assured the right bits got there, e.g. if ACT had a public area on
> their own ftp servers and published MD5 checksums. Of course ACT may
> occasionally make a mistake and put the wrong file up, even on their
> own servers, but in that case the odds would be reasonable that they
> would also make up a cd containing the mistake.

    You seem to want to continue to misunderstand.  Why would gunzip
fail?
Because the checksum did not match.  MD5 allows additional protection
against forged checksums, which are totally inapplicable to this case.
To repeat something which you may have missed, ACT does not create all
of the versions of GNAT, not even all versions on cs.nyu.edu.  And for
example, if you want a version of GNAT for Linux, there are several
versions depending on whether you have Debian or Red Hat, and on which
kernel version you are using, etc.  You are much, much more likely to
run into problems due to downloading the wrong version or installing it
improperly than from someone smuggling a spoofed version onto the
server.  

    If you really need security, you have to pay the price.  I am not
talking about ACT's support price, which is trival, if you are working
on a trusted or secure system.  It may triple or more the cost of
development to insure that your tools are trustworthy, and yes, if you
need security and mission or life critical code, you can triple it
again.  Just adding an MD5 checksum would not help at all, you need to
start with a risk analysis and a threat analysis.  Then you can start
doing all the things necessary to reduce the threat, which often will
include examining the generated machine code for certain key parts of
your program, burning parts of the code into ROM, etc.
 
> Fair enough. But if I download this new p version and have a problem,
> it shouldn't be hard to verify my version.

   Have you had a problem?  I certainly have had bad downloads, but no
difficulty in determining that the problem was just that...
 
> Well not having ever had an ACT CD, I have to presume they transmit
> checksums with their CDs, in which case yes it's more reliable,
> however I still heartily dislike the implication that any users who
> just picked up some random bits called gnat somewhere on the net can't
> are not likely to have a valid version. Seeing as GNAT started off on
> DoD money to be a freely available tool, and started off with NYU
> staff dominating the development team, if they can't reliably transmit
> a known version to me at least most of the time via some ftp site such
> as cs.nyu.edu something is wrong.

     They can reliably transmit a known version to you.  What RBKD is
saying is that the version you pick up off the web without any
involvement by ACT is not reliably transmitted, and I can't understand
why you find that amazing.  ACT is very good at insuring that the
version they send you is appropriate for your system.  If you want to
install the Solaris version on your PC, it won't work, it is not their
fault, end of story.  Also if you decide to build GNAT from source for a
currently unsupported system without ACT's help, they do not guarentee
the result in any way, but they are quite willing to let you do so.  If
you want to do that, and add an MD5 signature to the version you
prepare, go ahead.

     Well maybe not end of story.  You have to understand what RBKD was
saying.  He was NOT saying, if you want to be sure of getting our
version of GNAT, you must pay.  He was saying that the support given to
POTENTIAL customers by sales@gnat.com often makes the difference in a
company's compiler choice.  If you are trying to choose between
supported compilers, compare the supported GNAT product to their
competitor's supported product, or even to the unsupported version of
GNAT.  The "handholding" can, and often will, make a big difference. 
For example, if your company has Ada 83 legacy code and you are moving
to Ada 95, they can help, in some cases by providing a special compiler
version, to make it easy to get the existing code into GNAT style
libraries and still or back under your version control system.  This is
why he is saying you should compare apples to apples.

    On the other hand, if you intend to compare the free version to some
other compiler, go ahead.  But understand that it is not the product
that ACT is selling.  The support from ACT is very good, and that is one
of their major selling points.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan]

"Robert I. Eachus" <rieachus@earthlink.net> writes:

>     You seem to want to continue to misunderstand.

I don't want to misunderstand, and I'm not sure I misunderstand
anyway. 

>  Why would gunzip fail?  Because the checksum did not match.

Which implies a bad download. So any user is safe from a bad
download. 

>  MD5 allows additional protection against forged checksums, which
> are totally inapplicable to this case.

Not if people got their files from some other ftp server nearer them
on the net but checked the MD5 checksums against a hypothetical web
page on www.gnat.com.

> To repeat something which you may have missed, ACT does not create all
> of the versions of GNAT, not even all versions on cs.nyu.edu.  And for
> example, if you want a version of GNAT for Linux, there are several
> versions depending on whether you have Debian or Red Hat, and on which
> kernel version you are using, etc.

There is no profusion of linux versions on cs.nyu.edu :

ftp> dir gnat-3.12p*
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
-rw-r--r--   1 ftpuser  ftpusers   8734825 Nov  2 19:40 gnat-3.12p-alpha-dec-osf4.0d-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   1562945 Oct 19  1999 gnat-3.12p-docs.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   6246712 Oct 19  1999 gnat-3.12p-hppa1.1-hp-hpux10.20-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   5295724 Oct 19  1999 gnat-3.12p-i386-pc-solaris2.6-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   6525643 Oct 19  1999 gnat-3.12p-i686-pc-linux-gnu-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   8497448 Oct 19  1999 gnat-3.12p-powerpc-ibm-aix4.1.4.0-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   8057292 Oct 19  1999 gnat-3.12p-sparc-sun-solaris2.5.1-bin.tar.gz
-rw-r--r--   1 ftpuser  ftpusers   4266495 Oct 19  1999 gnat-3.12p-src.tar.gz
226 Listing completed.
ftp>

It's been mostly like this, apart from version numbers for, oh, about
5 years or more.

My understanding is that, in actual fact, the above
gnat-3.12p-i686-pc-linux-gnu-bin.tar.gz is ACT's public version. Same
goes for the Solaris file. The Ada for Linux stuff doesn't seem to be
there, it's on www.gnuada.org as usual.

>  You are much, much more likely to
> run into problems due to downloading the wrong version or installing it
> improperly than from someone smuggling a spoofed version onto the
> server.  

Right. This seems like my point, not yours. Robert seemed to me to
casting aspersions on the authenticity of any copies not received
under contract via CD. Since even untarring the files successfully
means you did't have a bad download, and since the files on cs.nyu.edu
are put there by ACT, I think this implication is wrong, and
unfortunate. 

>     If you really need security, you have to pay the price.  I am not
> talking about ACT's support price, which is trival, if you are working
> on a trusted or secure system.  It may triple or more the cost of
> development to insure that your tools are trustworthy, and yes, if you
> need security and mission or life critical code, you can triple it
> again.  Just adding an MD5 checksum would not help at all, you need to
> start with a risk analysis and a threat analysis.  Then you can start
> doing all the things necessary to reduce the threat, which often will
> include examining the generated machine code for certain key parts of
> your program, burning parts of the code into ROM, etc.

This is not the level I was talking about.

Once again, RBKD wrote :

> Actually, as far as I can tell, this project did not make use of the
> commercial version of GNAT, but used some unsupported public version
> obtained somewhere from the net (and certainly not from Ada Core
> Technologies). Yes, among the technologies mentioned on the slides,
> it mentions that GNAT is the most stable, but still this is NOT the
> commercial version of GNAT.  In fact we can't even be sure that it
> is the same bits that we originally placed there. The advantage of
> freely available software on the net is precisely that, it is freely
> available, but the downside is you can never be sure exactly what
> you are getting.

I am only talking about the implication that you can't be sure you get
a "good GNAT" unless you get support.

Here's my situation (sort of hypothetical). I work for a company doing
Ada on some tired old machines with some tired old compilers. I go
straight to cs.nyu.edu via ftp, turn on the binary flag, and download
the Solaris version. It ungzips and untars nicely and installs and
runs. 

Now, I examine the compiler for things like how well it parses our
code, how much memory it needs for our big packages etc. I report back
to my managers.

Now, of course ACT has new and better stuff up its sleeve, so of
course my conclusions aren't definitive, but are my managers supposed
to think I'm a fool for paying any attention to that "unsupported
public version"? Well in my case I tell them "we really should use the
wavefront from ACT off their customer site" and the response is the
(slightly surprising) "no we'll use the public version, we don't want
to be guinea pigs for anything not publically released yet unless we
really need to".

>  
> > Fair enough. But if I download this new p version and have a problem,
> > it shouldn't be hard to verify my version.
> 
>    Have you had a problem?  I certainly have had bad downloads, but no
> difficulty in determining that the problem was just that...


No, that's the point. I've never had a problem. Or perhaps I should
say I never did have a problem when this stuff was my job (the above
is only hypothetical because it's ancient history).

>      They can reliably transmit a known version to you.  What RBKD is
> saying is that the version you pick up off the web without any
> involvement by ACT is not reliably transmitted, and I can't understand
> why you find that amazing.  ACT is very good at insuring that the
> version they send you is appropriate for your system.  If you want to
> install the Solaris version on your PC, it won't work, it is not their
> fault, end of story.  Also if you decide to build GNAT from source for a
> currently unsupported system without ACT's help, they do not guarentee
> the result in any way, but they are quite willing to let you do so.  If
> you want to do that, and add an MD5 signature to the version you
> prepare, go ahead.

What he's saying seems to be true if you accept that the public
versions of GNAT are not really publically available at all, since you
can't get them from ACT and anywhere else is just some unconnected
random friendly bit bucket. I don't think this is true of cs.nyu.edu.

> 
>      Well maybe not end of story.  You have to understand what RBKD was
> saying.  He was NOT saying, if you want to be sure of getting our
> version of GNAT, you must pay.

That is precisely the implication that I perceived. How can I get the
public version of GNAT? Well not from ACT, and if this explanation
that I'm perhaps still not understanding is to be believed, not from
anywhere else either since you can't get public GNAT from ACT without
telling sales@gnat.com that you're a potential sale. Well since I'm no
longer in the Ada business at all whatsoever, I won't be able to
afford any level of ACT support, plus I wouldn't mislead their sales
people, so I guess it's impossible for me to get an authentic version
of the public release of GNAT 3.12. Oh well.


>  He was saying that the support given to
> POTENTIAL customers by sales@gnat.com often makes the difference in a
> company's compiler choice.  If you are trying to choose between
> supported compilers, compare the supported GNAT product to their
> competitor's supported product, or even to the unsupported version of
> GNAT.  The "handholding" can, and often will, make a big difference. 
> For example, if your company has Ada 83 legacy code and you are moving
> to Ada 95, they can help, in some cases by providing a special compiler
> version, to make it easy to get the existing code into GNAT style
> libraries and still or back under your version control system.  This is
> why he is saying you should compare apples to apples.

I know all this very well. I know how ACT's support compares to other
vendors. I know what some other vendors said about GNAT. The one thing
I don't like and don't understand is why there isn't a
/pub/unsupported on ftp.gnat.com with anonymous access and all the
publically released files.

I mean, I even made the bad mistake of trying to defend the ACT way
against unfounded criticisms from a very upset unsupported GNAT users,
and yet I don't see how this particular point meshes with ACT's happy
espousal of RMS's ideas.

>     On the other hand, if you intend to compare the free version to some
> other compiler, go ahead.  But understand that it is not the product
> that ACT is selling.  The support from ACT is very good, and that is one
> of their major selling points.

But it's the same compiler!!!!!!!

Perhaps there are so many people who don't assume in any comparison
that all tools must have been successfully installed and their full
documentation is at hand before any comparison is worth anything, that
the installation and getting started handholding is a huge issue. From
my point of view, however it was fairly clear how the competing
products stacked up even using the completely unsupported GNAT
releases from cs.nyu.edu. Even they were better, and that's the
point. 

It's all rather moot for me anyway (that's the colloquial usage
meaning "irrelevant", I know RBKD doesn't like that usage, sorry). I
use GNAT at home for my own projects perfectly well. I don't use Ada
at work, so I'm not terrified of the Ada cabal. Not that there is one.

Perhaps people still in the trenches would like to comment?

Chris
-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net
    "O gummier hum warder buffer-lore rum 
     Enter dare enter envelopes ply"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <8e7510$9ic1@news.cis.okstate.edu>,
  dstarner98@aasaa.ofe.org wrote:
> On Wed, 26 Apr 2000 14:34:40 GMT, Robert Dewar
<robert_dewar@my-deja.com> wrote:
> >The reason we do not provide the public version on our FTP
> >site is that our FTP site is intended to serve SOLELY the
> >needs of our commercial customers.  The public versions as I
> >have noted are NOT in any sense products of our company, and
> >therefore do not belong on the company site.  Note that the
> >same is true of much free software, for instance the public
> >versions of gcc are not distributed by Cygnus per se.
>
> Um, gcc.gnu.org = egcs.cygnus.com, and that server certainly
hosts
> an FTP site for the releases and snapshots, and a CVS server
with the
> latest gcc.


cygnus provides the physical machine, but does NOT maintain
the current gcc release. This is maintained and managed by
the gcc maintenance committee. Some of the individuals on
this committee happen to work for Cygnus, but they are
not representing Cygnus on this committee. Cygnus certainly
provides input to this process, but they are quick themselves
to emphasize that they do not control the fsf version of
gcc. So if you are reading this into the physical location
of the machine supporting gcc.gnu.org, you are reading wrong!


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Pascal Obry]

Chris,

Here is what I propose. You download all the public releases, you
make an MD5 sum of what is there, you publish it in your Web
site, you write a paper to certify that version with the MD5 bits
is indeed a "safe one to use" (this is easy to do, the ACVC
regressions are free).

This is the way I see the "open" in "open source", you have access
to the source, so you can offer services not covered by the current
market.

Pascal.

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|         http://perso.wanadoo.fr/pascal.obry
--|
--| "The best way to travel is by means of imagination"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan]

"Pascal Obry" <p.obry@wanadoo.fr> writes:

> Here is what I propose. You download all the public releases, you
> make an MD5 sum of what is there, you publish it in your Web
> site, you write a paper to certify that version with the MD5 bits
> is indeed a "safe one to use" (this is easy to do, the ACVC
> regressions are free).
> 
> This is the way I see the "open" in "open source", you have access
> to the source, so you can offer services not covered by the current
> market.

There seems to be an implication here that I'm after some kind of
profit in some way related to GNAT technology, or want something
onerous from ACT, but that's not true. In fact they've already done a
truly great job and I was just nitpicking. Since I can't seem to
convey what I was actually trying to say to anyone on this thread I'm
just going to give up and go back to sleep.
-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net
    "O gummier hum warder buffer-lore rum 
     Enter dare enter envelopes ply"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[tmoran]

>convey what I was actually trying to say to anyone on this thread I'm
  You were saying there is no technical reason ACT couldn't post a
file with a secure signature on cs.nyu.edu, right?

  Why they would want to go to the extra trouble, just to aid the
competition (the public version being a competitor to the supported
version), is not obvious.  You or I could simply announce "I've
checked the version at cs.nyu.edu and it's correct" but would
anybody to whom that's really important consider that statement
credible?  Would you, or anyone, volunteer, for free, to be on the
receiving end of potential lawsuits if the version somehow wasn't
correct?  Of people downloading the $0 version, I suspect many have
a version of Netscape or IE or ftp, and a version of pkzip or
winzip, downloaded for free and of equally uncertain pedigree.  What
good would a certified version at cs.nyu.edu do if it's potentially
corrupted once it's on your machine and unpacked?

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Pascal Obry]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2018 bytes --]


Chris Morgan <cm@mihalis.net> a �crit dans le message :
87aeidsgr8.fsf@think.mihalis.net...
> "Pascal Obry" <p.obry@wanadoo.fr> writes:
>
> > Here is what I propose. You download all the public releases, you
> > make an MD5 sum of what is there, you publish it in your Web
> > site, you write a paper to certify that version with the MD5 bits
> > is indeed a "safe one to use" (this is easy to do, the ACVC
> > regressions are free).
> >
> > This is the way I see the "open" in "open source", you have access
> > to the source, so you can offer services not covered by the current
> > market.
>
> There seems to be an implication here that I'm after some kind of
> profit in some way related to GNAT technology, or want something

Not at all. You can just offer a free services, I did not use the word
"profit" !

> onerous from ACT, but that's not true. In fact they've already done a
> truly great job and I was just nitpicking. Since I can't seem to
> convey what I was actually trying to say to anyone on this thread I'm
> just going to give up and go back to sleep.

No. My point was just that if there is something you want not covered by
ACT (for whatever reason) you can offer the service yourself. So don't
go back to sleep :)

Pascal.

--

--|------------------------------------------------------------
--| Pascal Obry                               Team-Ada Member |
--|                                                           |
--| EDF-DER-IPN-SID- T T I                                    |
--|                       Intranet: http://cln46gb            |
--| Bureau N-023            e-mail: p.obry@der.edf.fr         |
--| 1 Av G�n�ral de Gaulle  voice : +33-1-47.65.50.91         |
--| 92141 Clamart CEDEX     fax   : +33-1-47.65.50.07         |
--| FRANCE                                                    |
--|------------------------------------------------------------
--|
--|         http://perso.wanadoo.fr/pascal.obry
--|
--|   "The best way to travel is by means of imagination"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <I1vO4.586$XX5.462090@news.pacbell.net>,
  tmoran@bix.com wrote:

> Why they would want to go to the extra trouble, just to aid
> the competition (the public version being a competitor to the
> supported version), is not obvious.

Well I guess it is hard to succeed in being clear here, because
Tom is still confused. No, it has nothing to do with supposed
"competition" from the public version. What we offer to our
customers is far more than just software!

The point is, I will say it again, that we want to make it
very clear that Ada Core Technologies makes no kinds of
guarantees, nor takes any legal responsibilities, for the
public versions of GNAT. We do not want to take any other
steps that could be misinterpreted by others as indications
that this is not the case. The reason that we do not take
any responsibility is precisely that it is a public version.

The existence of public versions of open source technologies
that are freely modifiable by anyone, anywhere, at any time
for any reason, is a huge advantage *for certain kinds of
use*. For example, in the academic world, this kind of freedom
is immensely important, and it is very valuable for students
and academic researchers to be able to get their hands on this
kind of open technology by downloading freely available
versions, to be able to exchange modified versions etc.

We encourage such interchange, but we need to remind people
at the same time, that this incarnation of the GNAT technology
is not supported by Ada Core Technologies, and no guarantees
can be given.

Indeed the notion of free availability and support/guarantees
are definitely at odds, which is why the normal convention
for freely available software of this type is to display
a pretty fierce disclaimer. Here for example is what the
standard freely available gdb has to say:

  GDB is free software and you are welcome to distribute copies
  of it under certain conditions; type "show copying" to see the
  conditions. There is absolutely no warranty for GDB; type
  "show warranty" for details.

and if we follow the invitation, we get a very fierce legal
disclaimer:

  11.  BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE
  IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
  APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE
  COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM
  "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
  IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
  OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE
  DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
  REPAIR OR CORRECTION.

  12.  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED
  TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY
  WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED
  ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
  SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF
  THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
  LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
  LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE
  PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH
  HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
  SUCH DAMAGES.

Now for GNAT Professional, the support agreement does indeed
provide a detailed description of the support and guarantees
for this commercial product, but they do not apply at all
to the public version of GNAT. In the past, we have often
seen people get confused over our relationship to the public
version, and for example, to angrily demand that we guarantee
Y2K compatibility for this version. We try to make it as clear
as possible that the public version is NOT a commercial product
of Ada Core Technologies.

The public versions are tremendously useful, or at least we
like to think so :-) in helping to spread the use of Ada
especially in universities. But for many other purposes,
including for example evaluation of the technology for
possible use in mission critical projects, it is more
appropriate to contact us and arrange a free evaluation
of the supported commercial technology. It's simply a
matter of picking the right tools for the right job.

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Matthew Woodcraft]

>The point is, I will say it again, that we want to make it
>very clear that Ada Core Technologies makes no kinds of
>guarantees, nor takes any legal responsibilities, for the
>public versions of GNAT. We do not want to take any other
>steps that could be misinterpreted by others as indications
>that this is not the case.

You do guarantee that the source you distribute matches the binaries
you distribute, no?

-M-

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[David Starner]

On Thu, 04 May 2000 00:28:16 GMT, Ken Garlington <Ken.Garlington@computer.org> wrote:
>"Matthew Woodcraft" <mattheww@chiark.greenend.org.uk> wrote in message
>news:jhi*wLbro@news.chiark.greenend.org.uk...
>> >The point is, I will say it again, that we want to make it
>> >very clear that Ada Core Technologies makes no kinds of
>> >guarantees, nor takes any legal responsibilities, for the
>> >public versions of GNAT. We do not want to take any other
>> >steps that could be misinterpreted by others as indications
>> >that this is not the case.
>>
>> You do guarantee that the source you distribute matches the binaries
>> you distribute, no?
>
>Somehow, I'm guessing the answer to this question (with respect to the
>public version) is "no".

The whole reason for the question (assuming that they are distributing
anything, which they certainly do to the NYU people) is that they are
violating the GPL if the answer is no. Since the FSF holds the copyright,
if they distribute, the source must match the binary or they could be
in for legal trouble.

(In theory. In practice, the FSF has much better things to do with
their time than fight with ACT.)

-- 
David Starner - dstarner98@aasaa.ofe.org

The hell that is supposedly out there could be no worse than
the hell that is sometimes seen in here.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Ken Garlington]

"Matthew Woodcraft" <mattheww@chiark.greenend.org.uk> wrote in message
news:jhi*wLbro@news.chiark.greenend.org.uk...
> >The point is, I will say it again, that we want to make it
> >very clear that Ada Core Technologies makes no kinds of
> >guarantees, nor takes any legal responsibilities, for the
> >public versions of GNAT. We do not want to take any other
> >steps that could be misinterpreted by others as indications
> >that this is not the case.
>
> You do guarantee that the source you distribute matches the binaries
> you distribute, no?

Somehow, I'm guessing the answer to this question (with respect to the
public version) is "no".

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Larry Kilgallen]

In article <Au3Q4.5750$wb7.484988@news.flash.net>, "Ken Garlington" <Ken.Garlington@computer.org> writes:
> "Matthew Woodcraft" <mattheww@chiark.greenend.org.uk> wrote in message
> news:jhi*wLbro@news.chiark.greenend.org.uk...
>> >The point is, I will say it again, that we want to make it
>> >very clear that Ada Core Technologies makes no kinds of
>> >guarantees, nor takes any legal responsibilities, for the
>> >public versions of GNAT. We do not want to take any other
>> >steps that could be misinterpreted by others as indications
>> >that this is not the case.
>>
>> You do guarantee that the source you distribute matches the binaries
>> you distribute, no?
> 
> Somehow, I'm guessing the answer to this question (with respect to the
> public version) is "no".

Whereas I would guess that it is "yes, but not for you",
since ACT does not distribute the public version.  They make
an initial transmission to a server at NYU, but the copy you
take from NYU was distributed by NYU, not distributed by ACT.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <jhi*wLbro@news.chiark.greenend.org.uk>,

> You do guarantee that the source you distribute matches the
> binaries you distribute, no?

It sure is hard to get the message across. Indeed messages
such as the above may make it easier to gain perspective on
my previous posts here.

The answer to the above question is no, since we do not
distribute either the source or the binary of the public
version. We simply send one copy to the nyu site. Any
further distribution is nothing to do with us.

We definitely cannot make any guarantee if you have a source
and a binary of GNAT that they match in the above sense. Indeed
we have OFTEN seen people distributing GNAT in a manner that is
inconsistent with the GPL, in that they do not bother about
their obligation to either distribute the source, or tell people
where to get it. I don't think it matters too much in practice,
but it is certainly nothing to do with us!

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <87pur1ti2x.fsf@deneb.cygnus.argh.org>,
  Florian Weimer <fw-usenet@deneb.cygnus.argh.org> wrote:
> Robert Dewar <robert_dewar@my-deja.com> writes:
>
> > We definitely cannot make any guarantee if you have a source
> > and a binary of GNAT that they match in the above sense.
Indeed
> > we have OFTEN seen people distributing GNAT in a manner that
is
> > inconsistent with the GPL, in that they do not bother about
> > their obligation to either distribute the source, or tell
people
> > where to get it.
>
> In the past, you had to be inconsistent with the GPL if you
wanted
> to redistribute the Windows version of GNAT in the form
provided by
> Ada Core Technologies because you couldn't provide the sources
of the
> installation program. ;)
>
> (Don't know if this has changed recently.)


The installation program is a separate program from any of the
programs it installs. There is no incosistency here. You
definitely can build GNAT from sources and install it without
using install shield.

The GPL applies on a program by program basis, there is no
problem in distributing a package some of whose programs are
proprietary and some of whose programs are GPL'ed.



Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Ted Dennison]

In article <87pur1ti2x.fsf@deneb.cygnus.argh.org>,
  Florian Weimer <fw-usenet@deneb.cygnus.argh.org> wrote:
>
> In the past, you had to be inconsistent with the GPL if you wanted
> to redistribute the Windows version of GNAT in the form provided by
> Ada Core Technologies because you couldn't provide the sources of the
> installation program. ;)
>
> (Don't know if this has changed recently.)
>

Thanks. I had almost forgotten this one (an InstallShield-like app) from
my list of needed OpenSource programs that could be done in Ada.

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Florian Weimer]

Robert Dewar <robert_dewar@my-deja.com> writes:

> We definitely cannot make any guarantee if you have a source
> and a binary of GNAT that they match in the above sense. Indeed
> we have OFTEN seen people distributing GNAT in a manner that is
> inconsistent with the GPL, in that they do not bother about
> their obligation to either distribute the source, or tell people
> where to get it.

In the past, you had to be inconsistent with the GPL if you wanted
to redistribute the Windows version of GNAT in the form provided by
Ada Core Technologies because you couldn't provide the sources of the
installation program. ;)

(Don't know if this has changed recently.)

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Florian Weimer]

Robert Dewar <robert_dewar@my-deja.com> writes:

> The installation program is a separate program from any of the
> programs it installs. 

The last time I downloaded GNAT for Win32 it was a single executable. ;)

> The GPL applies on a program by program basis, there is no
> problem in distributing a package some of whose programs are
> proprietary and some of whose programs are GPL'ed.

Yes, mere aggregation is certainly permitted, but the license provided
by ACT doesn't distinguish the installer from GNAT itself, which means
that it applies to the installer as well (IMHO, IANAL).

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Pascal Obry]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1095 bytes --]


Florian Weimer a �crit dans le message
<87aei557gc.fsf@deneb.cygnus.argh.org>...
>Robert Dewar <robert_dewar@my-deja.com> writes:
>
>> The installation program is a separate program from any of the
>> programs it installs.
>
>The last time I downloaded GNAT for Win32 it was a single executable. ;)


I do not understand what you mean here! Sure it is a single executable, it
is
an InstallShield program! But if you want to distribute GNAT (you certainly
want to change something otherwise you just have to place the InstallShield
on your server that's all) you need the source package (a .tar.gz) and from
there you should be able to rebuild GNAT yourself and package it with
whatever
tool you want (InstallShield, WinZip selfext...).

Pascal.

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|         http://perso.wanadoo.fr/pascal.obry
--|
--| "The best way to travel is by means of imagination"

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Florian Weimer]

Ted Dennison <dennison@telepath.com> writes:

> Thanks. I had almost forgotten this one (an InstallShield-like app) from
> my list of needed OpenSource programs that could be done in Ada.

Hmm.  I'd like to see a portable newsreader which runs on OS/2.  If
it is implemented properly, this could tremendously increase the
readability of some of the most interesting postings on CLA. ;)

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Tarjei Tj�stheim Jensen]

Ted Dennison wrote:
> 
> Thanks. I had almost forgotten this one (an InstallShield-like app) from
> my list of needed OpenSource programs that could be done in Ada.
> 

Let me suggest a test case for such a thing: A Linux installer.

If one can keep the dependencies right and show the consequences of
choices in real time it will be very hard to avoid Ada on the Linux
installation CDs.

Current Linux installers tend to want to install too much too soon. They
don't try to establish whether the basics works before trying to install
the whole caboodle.


Greetings,

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <87aei557gc.fsf@deneb.cygnus.argh.org>,
  Florian Weimer <fw-usenet@deneb.cygnus.argh.org> wrote:

> Yes, mere aggregation is certainly permitted, but the license
> provided by ACT doesn't distinguish the installer from GNAT
> itself, which means that it applies to the installer as well
> (IMHO, IANAL).

Speaking as an expert in the industry standards and practice
of copyright law (I have been so qualified in several federal
courts), I see no possibloe problem here, and I have no idea
what odd theory you are spinning to generate your IMHO post :-)

Robert Dewar


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <87pur13q6r.fsf@deneb.cygnus.argh.org>,
  Florian Weimer <fw-usenet@deneb.cygnus.argh.org> wrote:

> Hmm.  I'd like to see a portable newsreader which runs on
> OS/2.  If it is implemented properly, this could tremendously
> increase the readability of some of the most interesting
> postings on CLA. ;)

And what exactly is wrong with Netscape? (says Robert who is
reading CLA via Deja News Classic (=dnc) on Netscape) ...


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Ada test example - Linux Software Installer

[Robert Dewar]

In article <JpoF4nBx0iQb@eisner.decus.org>,
  Kilgallen@eisner.decus.org.nospam wrote:
> That sounds like a worthwhile project, but if you want to
> increase acceptance, please do _not_ license it in such a way
> that anyone who distributes the installer (such as, with their
> software) has to distribute the source to the software.
> Muddying the waters of Ada Advocacy with Open Source Advocacy
> would not increase adoption.

The GPL is fine for this purpose, there is no way that the GPL
could be argued to apply to things the installer was installing.
I suspect many readers of CLA are not aware of the principle of
misuse of copyright. It is quite an instructive reminder in this
kind of case :-)



Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Ada test example - Linux Software Installer

[Robert Dewar]

In article <hD5dQSoakfDi@eisner.decus.org>,
  Kilgallen@eisner.decus.org.nospam wrote:
> I am trying to avoid a requirement for those using the
> installer to distribute the source of the installer.

Well if it is GPL'ed, then of course you don't have to
distribute these sources, merely pass on the distribution
information that comes with the installer. Note that the
GPL does NOT require sources to be distributed with a
product, just made available, a pointer is fine, even if
there is a charge for getting the sources.

Now if you want an installer that you can modify and then
distribute as your own proprietary work without the sources,
the GPL is indeed unsuitable. Naturally the providers of
proprietary software would prefer licenses that allow them
to appropriate other people's work as their own, since it
saves them trouble. Whether authors are willing to allow
such appropriation is up to them. The GPL is suitable for
use if you want to make sure that your contributed work
remains open. If you don't mind your work being used by
others without attribution in contexts including proprietary
ones, then other licenses such as BSD are appropriate, or
you can just place your work in the public domain, renouncing
your copyright interests.



Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Ada test example - Linux Software Installer

[Robert Dewar]

In article <hD5dQSoakfDi@eisner.decus.org>,
  Kilgallen@eisner.decus.org.nospam wrote:
> I am trying to avoid a requirement for those using the
> installer to distribute the source of the installer.

I just want to reemphasize the point I made in my previous
post. The GPL *never* requires that you distribute sources.
You must make the sources available, common ways of doing
this are

 a) indeed distribute sources with the distribution
 b) point to a website containing the sources
 c) make a written offer to provide the sources

for case c) you can charge a reasonable fee for copying.
THat's the only time the GPL has anything to say about levels
of fees, and the reason is obvious, if sources cost $5 million
they are operationally unavailable. But it would be fine to
make the sources available on a CD ROM and charge whatever it
cost you to make the copy (e.g. a charge such as $200 would
be quite reasonable, given the time to make and check the
copy etc).

As an example of b) consider the TIVO consumer device for
digital TV recording and replay. This device is based on
Linux, and the instruction manual points to a website where
you can get the sources of the particular source version
of Linux used in this device.

It's quite common to redistribute GPL'ed tools without providing
the sources, by simply referencing the original source. That
should be fine for almost all purposes, unless you want to
deliberately conceal the fact that you are borrowing someone
else's software.



Sent via Deja.com http://www.deja.com/
Before you buy.

Ada test example - Linux Software Installer

[Larry Kilgallen]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]

In article <3913A546.3ADC7EB7@online.no>, "Tarjei Tj�stheim Jensen" <tarjei@online.no> writes:
> Ted Dennison wrote:
>> 
>> Thanks. I had almost forgotten this one (an InstallShield-like app) from
>> my list of needed OpenSource programs that could be done in Ada.
>> 
> 
> Let me suggest a test case for such a thing: A Linux installer.
> 
> If one can keep the dependencies right and show the consequences of
> choices in real time it will be very hard to avoid Ada on the Linux
> installation CDs.
> 
> Current Linux installers tend to want to install too much too soon. They
> don't try to establish whether the basics works before trying to install
> the whole caboodle.

That sounds like a worthwhile project, but if you want to increase
acceptance, please do _not_ license it in such a way that anyone
who distributes the installer (such as, with their software) has
to distribute the source to the software.  Muddying the waters of
Ada Advocacy with Open Source Advocacy would not increase adoption.

Software vendors are sometimes faced with a customer demand to
explain every single file on their CD, and while for some markets
the proper response might be to add more files (source) for many
it is not.

I believe a software installer is a problem domain where a
distributed set of diverse developers can do much better than
a single organization, and thus the "risk" of somebody making
a "better" installer (and keeping the source of their change
secret) is minimal.

Re: Ada test example - Linux Software Installer

[Larry Kilgallen]

In article <8f2jhl$35m$1@nnrp1.deja.com>, Robert Dewar <robert_dewar@my-deja.com> writes:
> In article <JpoF4nBx0iQb@eisner.decus.org>,
>   Kilgallen@eisner.decus.org.nospam wrote:
>> That sounds like a worthwhile project, but if you want to
>> increase acceptance, please do _not_ license it in such a way
>> that anyone who distributes the installer (such as, with their
>> software) has to distribute the source to the software.
>> Muddying the waters of Ada Advocacy with Open Source Advocacy
>> would not increase adoption.
> 
> The GPL is fine for this purpose, there is no way that the GPL
> could be argued to apply to things the installer was installing.
> I suspect many readers of CLA are not aware of the principle of
> misuse of copyright. It is quite an instructive reminder in this
> kind of case :-)

I see I did not express my concern accurately.

I am trying to avoid a requirement for those using the installer
to distribute the source of the installer.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Robert Dewar]

In article <8eqgfn$8q61@news.cis.okstate.edu>,
  dstarner98@aasaa.ofe.org wrote:

> The whole reason for the question (assuming that they are
> distributing anything, which they certainly do to the NYU
> people) is that they are violating the GPL if the answer is
> no. Since the FSF holds the copyright, if they distribute, the
> source must match the binary or they could be in for legal
> trouble.

Well of course the initial version we put out at NYU has
matching objects and sources, the source is what we build
the object from. My point is simply that beyond that point
we are not distributing anything, and we cannot make any
statements about matching sources and binaries once it
leaves our hands. In practice we have often seen people
distribute the binary version of GNAT without providing
the sources or pointers to them, which is of course improper
(though in practice not serious).

> (In theory. In practice, the FSF has much better things to do
> with their time than fight with ACT.)

There would be no question of fighting here. We work very
closely with the FSF, and if RMS or any of the other FSF
guys had any concerns they would simply let us know and
we would fix things :-) Remember that GNAT is part of the
GNU system.

Robert Dewar
Ada Core Technologies


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Florian Weimer]

Robert Dewar <robert_dewar@my-deja.com> writes:

> And what exactly is wrong with Netscape? (says Robert who is
> reading CLA via Deja News Classic (=dnc) on Netscape) ...

Deja adds an annoying footer.  Sometimes, the previous article is
quoted improperly.  The lines are wrapped, but not prefixed by a quote
sign, dramatically reducing readability, for example:

> tmpnam() is broken as designed (the information is already
outdated
> when it is returned, and on Unix systems, an attacker could
have
> created a symlink linking to some interesting file), tmpfile()
has
> the correct interface, but you can't be sure that it's
correctly
> implemented on all systems. :-/

In addition, Deja users tend to send multiple copies of their
articles.