March 29, 2010, 10:11 AM —
Since we live in an entropic universe, things end.
Heady stuff for a Monday morning, I will admit, but just keep drinking that coffee, you'll catch up.
That endings happen on a regular basis is nothing new; we see evidence of change and chaos every day. We just don't like to talk about it. Endings can make us jumpy, sad, angry. Who likes saying goodbye to a visiting friend, or watch the last game of the season?
Which is why, I think, people have such strange reactions to end-of-life notifications for open source software. Let's see if we can't put people at ease a bit. Veterans of software development might think this topic is a waste of time, given their expertise. I have to wonder though, given the recent reaction in the community when Oracle posted a normal end-of-service-life policy page about OpenSolaris back in February. People who should have known better, to put it in technical terms, freaked out, thinking OpenSolaris was about to go to that great decompiler in the sky.
Here's what you need to know. End-of-life (EOL) is a normal part of the software lifecycle, whether it's an application or a full-blown operating system. Software doesn't actually die: once the EOL date passes, your application won't pop up a dialog box with a tombstone on it that says "so long, and thanks for all the data." In reality, it means that the developers who wrote the software and the community or vendor that supports it simply does not have the resources to keep providing support.
This makes perfect sense, if you think about it. If you are working on the upcoming release of MondoApp 4.0, and are actively supporting versions 2.0 and 3.0, do you have the time to keep all those legacy 1.0 users supported? Unfortunately, reality usually says no. Bug fixes, security updates, even documentation takes time and resources. Better, then, to politely announce the end of life for the old product, which will refocus the effort on current projects and ideally encourage those legacy users to upgrade to something more current.
Users should take note: they don't have to upgrade, especially with open source software. If you have an application that's running perfectly fine on, say, an old Red Hat Enterprise Linux 2.1 machine, you can self-support the discontinued RHEL 2.1 on your own or hire someone to take care of it for you. That's one of the benefits of open source. Pragmatically, it's not a bad idea to upgrade once in a while, if only for security's sake.
This is part of the reason why you hear about end-of-life announcements for open source products far more than the average user of proprietary software does. Even Microsoft has end-of-life plans for its software; they just don't make a big deal about publishing them. This seems an ill-founded marketing decision: don't admit that eventually support will end, so people will associate Microsoft software with "quality" and "things that last."
I'll wait for you to stop laughing.
In all seriousness, this approach to downplay end-of-life or the whole product lifecycle may be why we face so many security issues with proprietary software--especially the software used by the general population. If you don't know or were never told to care about the lifecycle of Internet Explorer, for painful example, then you will keep on blithely using IE 6 even though it is the most insecure browser on the planet today, is long past its support cycle, and should die. Really. Die.
Of course, the well-heeled commercial clients of proprietary software vendors certainly get all the lifecycle information they need, the better to help those customers upgrade or extend service licenses.
But with open source, everyone gets the word. If I were a legacy Ubuntu user, I would appreciate the note I got today from Steve Lanasek announcing the upcoming end of life for Ubuntu 8.10. I'd have time to look around, see what my options were.
All [major] Linux distributions have well-defined service lifecycles, though they vary in length. Length of support does not indicate overall quality of a distribution, but it is something to be aware of, especially for businesses looking at Linux.
|Distribution||End of Life|
|Fedora||One month after Fedora X+2 (~13 months)|
|Red Hat Enterprise Linux||Seven years|
|openSUSE (11.1 or prior)||Two years|
|openSUSE (11.2 and higher)||Two months after openSUSE X+2 (18 months)|
|SUSE Linux Enterprise Server||Seven years|
|Ubuntu Desktop LTS||Three years|
|Ubuntu Server LTS||Five years|
So, rather than seeing EOL and lifecycle transparency as a detriment, view it for what it really is: an unsung benefit of open source that helps all users, not just the big clients, make informed decisions about their systems.