I’d like to split this discussion to another thread. Could you suggest a title for it?
Do we really need to split it? Its all about governance… Nethesis wants to govern NethServer…
So I guess you’ll be leaving now? So long.
Me leaving? What am I supposed to leave? My company? Not yet,…
Seriously though… what stops you (=NethServer devs/community) to split from Nethesis and become truly independent?
A project this size and with this scope should have serious programming power behind it. Usually, you hire people at that point.
Are you going to argue that RedHat is not OSS? That would be silly, wouldn’t it?
OSS programmers can also be serious about their work…
And do you have any mechanism to stop CEO (and other wrongwishers) from taking over the project (NethServer)?
RedHat has nothing to do here…
Yeah, it’s called a fork, and nothing prevents you…
RedHat only sells software to businesses that the community gets later … not sure how it is different.
1 Like
Im not goping to fork NethServer as I work ojn sth else…
You asked a question, I answered it.
Even when many things can be related to each other, the topic was diverting from original subject.
Regarding vulnerabilities, I think you advocate for a full disclosure model from day 0. Not the first nor the last time different disclosure procedures are discussed. That will bring full transparency, force the developers behind the project to fix the vulnerability as soon as possible and not keeping it for themselves or ignore it, but also expose lots of servers to attacks based on the disclosed information. On the other hand, responsible disclosure gives time to understand the vulnerability implications and prepare a fix, while full disclosure is delayed.
There are three parts, at least, involved in the disclosure process:
- The discoverer: the one who discovers the vulnerability (i.e. security researchers)
- The developers responsible to fix it
- The users
On the other topic, developers asked advice to a group of community members on how to handle the disclosure of a vulnerability a security research firm informed them of.
If I understood correctly, the developers/community/company behind the project is giving some guidelines for security researchers. Security researches are encouraged to follow them but are free to disclose it as they wish.
Both models have its pros an cons, so if you want to contribute you can expose your thoughts for the community and developers to take it in consideration.
6 Likes
About Nethesis and NethServer, it’s important to know the order of facts.
I’m not the best one to tell the history behind NethServer, but the community was created after Nethesis and the project existed.
Nethesis had a model of selling appliances and giving support to customers (and keeping some additional features for the paying customers). I think it was first using SME and later on decided to create NethServer project.
So it makes sense that the company behind the project has some saying about the project itself. You might prefer some other organisational structure, like a foundation ran by the community.
Neither OSS nor Free Software concept is opposed to business or making money off of it. Although when money is involved conflict of interest can arise, I get your point.
There’s another topic on Governance that try to address those issues (decision making, &c.) I think @medworthy can help us here, and you’re welcome to have your saying.
If you read other posts from the community manager and Nethesis developers you can judge yourself if they work with an OSS mindset. If they ask the community about the decisions, how transparent the process is and so on. Granted the way it is isn’t perfect, and that’s why is open to discussion.
6 Likes
So it makes sense that the company behind the project has some saying about the project itself.
We have conflict here. Company can create project/s, that all ok, but what I disagree with is that when company creates project, CEO thinks that s/he is king and can have last word; WRONG Upon strarting a project they (company) should decide which way they want it to go; either
a) open project, give its governance to elected community member (community leader), let him elect other members to be devs; simply let community decide (for good and/or bad),
b) develop it as closed source; making employees devs.
Each way individually camn be; you cannot mix these ways…
You CAN create a synergy tho. Community version drives interest for Nethesis and is as powerful as Nethesis for those that are tech savvy. It’s a win win if you ask me.
1 Like
@planet_jeroen,
I agree with everthing apart from one point:
“Nethesis for those that are tech savvy” – One of the main driving factors for NS is that NS can be used by by fairly non technical administrators – those admins that have very limited explerance of terminal commands, Posix (Unix, Linux, BSD etc. ) file system architecture or configuration of the multitude of text based configuration files.
1 Like
My fault. I see Nethesis and current NethServer developers highly coupled, as a whole (sort of I wouldn’t understand Nethesis without developers). That’s what I refer as the company.
I agree on not wanting a king or dictatorship. I want technical decisions taken by developers based on community and customers needs.
2 Likes
I have read all of your posts and I personally do not understand why you are so vocal and against Nethesis - (the company that develops NethServer)?
Your own personal issues with CEO’s or other managers have to stay way out of the community. This place is for Nethserver discussion, not for personal venting.
From all the posts you have written there is little information usable, it is more like in the sense that you thrive with the state of discord that arises from posting.
Until now, all the users that posted here, brought constructive feedback regarding the way they see the governance of the NethServer. - I do not see constructive feedback from your side…
You must take into account that without Nethtesis there will be no NethServer.
They are devoting people / time / resources / money developing a software that IS released for free and the source code is published!
Furthermore, they ( Nethesis ) are asking the community for information and they are listening (not like other distros).
The community just got more support from Nethesis in the new proposed subscription program!
More to add, they develop code based on suggestions from the community even if they do not get any financial return from this!
From my point of view it seems that you have a lot of unjustified anger directed at the company, or just shout out words without thinking.
I recommend that you take a step back and relax and watch the whole picture and not a single point of focus (like it seems is happening now)
Also remember that if you do not agree with the situation here you can always get the code and create your fork of NS.
But i really doubt that you will be able to take such a huge task or be mature enough to at least sustain it…
Best regards
Bogdan
2 Likes
I agree, but if they do not know how to perform the task on Windows, or lack the knowledge of networking, ldap configuration, etc., it is much the same as giving an average user a Windows 2012 Server .iso … in the end, it might work, but please dont let anyone audit it.
Being able to run a server is sometimes too easy … and makes it possible for people who should not take that responsability on their shoulders to create a right mess. Being forced to know a bit more is a good thing if you ask me. I still require a shell for some tasks … this means I need to read up or ask questions in those cases, this is like it should be imho 
I sincerely love you man 
Your posts are generating a lot of amazing answers that are show how much strong our community culture is
I’m not joking, thank you so much. That a great example of how a great Community should react to threats like this
so happy to see you here.
8 Likes
Well… some things are true. Some not.
First thing first: yes, Nethesis wants (and have to) govern/lead NethServer and NethServer community.
Currently NethServer Enterprise (paid and with support version of NethServer) is the base for Nethesis revenues. There’s nothing wrong about that, because company sells the distro and the support, or some appliances (hardware) with pre-cooked software and support.
It’s strategical to do a product (OSS licensing based) that covers the needs of customers. And getting in touch to some kind of possible customers can achieve user cases, issues, and needs.
Therefore, could help the software grow.
The old version of the product was a “triple leap fork”. e-Smith was created by Mitel Network, became SME-Server (forked) which has a little issue around 8.2 version: no clear path to grow as distro, and migrate. Nethesis also forked SME calling it NethService, but has similar issue.
Therefore, they applied some of the concepts of e-smith (template, for instance) on a distro laying on CentOS base distro, creating NethServer.
Good choice? Bad idea? At that time a was not able to test for free NethService.
Now i can use NethServer. No license fee to pay, no user restriction. I do not have access to support, but i can still read documentation, pinpoint when something is lacking.
Some things of this distro for me are wrong, therefore I give my opinion about that (and maybe some of them are not “that nice” for Nethesis or the community).
So community and developers can read what i think, and eventually improve software, features, docs, howto.
Second row on the list: as Koozali did with SmeServer project, userbase is interesting for create hype, solutions, answers… and testing bench for development. Also… maybe customers or business partners. Is that bad? I mean… Community Versions (as IpFire for instance) are available with partial functionalities, but without license fees. And without support. It’s up to people who take decisions to choose between being beta testers for free or pay for stable, verified and supported software.
C’mon… even Apple, Google and Microsoft now are doing “wide beta testing” with the version upgrade. And CEO of these companies have a far more expensive car than Nethesis CEO…
Last row in the list: you don’t like the distro?
Me too, for some choices. Some things are lacking as software (expecially to became a consistent and effective Win SBS alternative), some others as security appliance.
But we are lucky: there’s plenty of alternatives, so you can choose the right one for you (be kind, come back here and tell us why you choose another one, with something more “thick and interesting” that you don’t like the CEO car…) into the wide area of multifunctional server distros. If i have not to fullfill “Microsoft Windows” as system requirements, i can use NethServer in different scenarios, for me not Firewall or NAS (some boxes are fare more powerful than nethserver, so buy a server for that it’s not a good idea for me).
3 Likes
Lot to read, quite harsh, but still holds together…thats constructive, and thats what discussion shuld look like…
False. The dont have to. Even more - they must not. Once it starts, OSS ends.
So what that sources of NS are on GitHub/otherwise publicly available? Its a hoax made solely to fool people into thinking how good Nethesis is, how much they care and all… Reality is that they give a shit what community thinks, they have their own (good in their eyes) strategy and they enforce it.
You say they introduced certain functionalities, because community asked them to. Sure. Having not done so, would make reality come-out and people would turn their backs at Nethesis - so in order not to incur reputation loss they had to pretend they listen. But the reality is much more different.
If they really care for NS, they would left NS to cummunity entirely.
You mention companies like MS, Google Apple… its totally unjustified here; all these companies are global companies, with thousands of employees. All of them have billions of $ in revenues annually, and their CEOs can afford good car, good house etc…
Im not saying I dont like NethServer - I like it - its nice piecew of software. What I say is I dont like the way Nethesis treats NethServer project.