[Imc-communication] CMS project parameter: social culture of developer community; zope and US army etc

boud boud at riseup.net
Sun Oct 8 08:08:25 PDT 2006 

hi imc-cms,

REMINDER: chat at 1700 UTC TODAY (Sunday 8 Oct)

----------------------------------------------------------------------
(fr) RÉSUMÉ :
(1) AMHA la/le culture/style/état de la communauté des développeurs
devrait être un des paramètres pour le choix d'un cms et il ne m'est pas
évident qu'un seul paramètre soit suffisant.
(2) Zope Corporation se vante d'avoir plusieurs importantes organisations
terroristes/autoritaires comme clients. Leurs geeks deviendraient nos 
collègues si nous choisissions ce système.

(en) SUMMARY: 
(1) IMHO the culture/style/state of the developer
community should be one of the important parameters for choosing a
cms and i'm not sure if just one parameter is enough. 
(2) Zope Corporation is proud of having several major terrorist/
authoritarian organisations as its clients. Their geeks would become our 
colleagues if we chose this software environment.
----------------------------------------------------------------------


(1) "healthy community" parameter

At last weekend's irc,

(log: http://techmeet.sarava.org/English/CMS20060930MeetingLog )

i brought up a topic which was brought up earlier but hasn't much been
discussed, which is the question of what sort of development community
is behind each cms. Given that the whole idea is that we would de
facto become to a certain degree dependent on this community and trust
that community, e.g. for security updates in software, surely it is an
important issue.

While it's true that a free license to a certain degree makes us less
dependent on a software developers' community than financial dependence
on sponsors would create, nevertheless there are risks, for example:

* That "external" community could put in back doors (security holes
known only to developers) which the indymedia community do not notice
(do we expect a corporation who is proud that the US army is its
client not to try putting in back doors?)

[Counterargument: The software is open source, so it's enough that
we grep and experiment and find the holes ourselves, and the more users
there are, the better the chance is that these will be found.
Countercounterargument: This requires the software community to have
the same concepts of security and relation to legal situations as
the indymedia community.]

* Notion of community: a corporation whose is proud of the US army
being its client is going to frequently interact with US army geeks,
and we are likely to interact with this community if we want to get 
our modifications included in the system. E.g. in standard distributions
like debian if packet XXX is maintained by one community, it would be
difficult to get the packet XXX-indy accepted to the distribution 
if we have conflicting relations (such as disagreements about how to
relate to the FBI/CIA/US Army) with the main XXX community.

* Standard security updates: in systems like debian, you can get security
updates automatically with a one line command, but you trust the external
community.  If that community is one that we do not quite trust, we would
not have the convenience of standard type updates.


A general counterargument is that the internet in general was created
by geeks working for the US army, and GNU/Linux in general is used for
all sorts of purposes, including by armies and most likely by other
terrorist organisations. A counter-counterargument is that many of us
are aware of this and in general are trying to decrease our dependence
on authoritarian and terrorist organisations.


Anyway, my suggestion is that the culture/style/state of the developer
community should be one of the important parameters for choosing a
cms and i'm not sure if just one parameter is enough.

* kwadronaut suggested that the parameter "healthy community" should
be enough to cover this.

* zapata noted that this is rather a subjective criterion and 
suggests that we do not spend too much time in this phase on this, 
leaving it to the shortlisted cms's.

* ryan also supported pushing this to the second phase of evaluation
(except in the case of a lyndon larouche committee, which by
implication is apparently more dangerous than the US army)


(2) Zope Corporation

One specific community which to me at least is rather worrying is
"Zope Corporation". i brought this up 3 weeks ago,

http://techmeet.sarava.org/English/CMS20060917MeetingLog

but at last week's irc this sort of topic was still considered (at
least by two people) something only for the second phase of evaluation.

As long as we do discuss this sooner or later and it's not ignored,
i can't object. But since it has only been discussed on irc so far,
i thought it useful to make sure that it's properly made part of the
debate on the list archive.

Here are the authoritarian and terrorist organisations whose software
people we would be working with if we chose zope, developed by
Zope Corporation:

http://www.zope.com/customers/products_and_services_customers.html

Bank of America

US Navy

United States Navy / GE Jet Engines Workflow
http://www.zope.com/customers/case_studies/navy_ge.html

US Marines
http://www.zope.com/customers/case_studies/marine_corps_institute.html
http://www.zope.com/customers/case_studies/martest.html

http://www.zope.com/customers/training_customers.html
Lawrence Livermore National Laboratory
United States Department of Defense

IMHO, these are not the typical sort of grassroots organisations we
really want to get to close to.

solidarity
boud

More information about the IMC-communication mailing list