Here is a followup to this email. A few people asked me questions off list, and here are my replies: [ Comment mentioning Open Office and Mozilla have not been attacked.] Cconsider that one thing that has restrained Microsoft (and previously IBM) was US Department of Justice oversight. Oracle does not have such oversight, so they are more likely to act aggressively. Basically, just because attacks have not happened in the Linux or Open Office areas (Microsoft territory) does not mean they will not happen in the database area. Oracle has a history of aggressive activity, and it has shown with MySQL now. I doubt many would have thought Oracle would have purchased technology that MySQL depends upon before it happened. Oracle certainly will not win, and I think they know that, but as project leaders, we should try to be defensive to prevent attacks from inflicting harm to the project. [ Comment asking what we can do to protect ourselves.] We can't do much, actually. The trademark thing can be secured, but other than that, I see no other defenses we could use. We can't prevent people from being hired, and we can't guard against patent attacks. I am willing to write up something for our web site if people think that would be helpful. --------------------------------------------------------------------------- Bruce Momjian wrote: > We have entered a new phase in the possible attacks on PostgreSQL. > > The purchase of InnoDB clearly shows Oracle is ready to expend money to > slow down competitive database technology. Now that MySQL has been > attacked, we should expect to be the next target. > > Let's assume Oracle is willing to spend 1% of their revenue or net > income on attacking PostgreSQL. Given this financial statement: > > http://finance.yahoo.com/q/is?s=ORCL&annual > > that would be USD $20-100 million. (The Oracle financial statement will > eventually disclose the purchase price of InnoDB, and we can use that as > a minimum amount they would be willing to spend.) > > Now, I think Oracle realizes that the database will eventually become a > commodity based on their purchase of Peoplesoft and other application > technology. However, every financial period they delay that time is > more profit for them, so it is a cost/benefit of how much it is worth to > slow down PostgreSQL. Obviously they thought the InnoDB purchase was > worth it to slow down or control MySQL. Our goal should be to make the > cost of attacks higher than the benefit. > > Here are the three most likely attacks on our project: > > o Hiring > > Oracle could hire a large portion of our paid or volunteer developers, > thereby slowing down the project. Individuals would probably be > approach as "We like your work on PostgreSQL and would like your > expertise in improving Oracle", but of course once hired what they did > for Oracle would be unimportant. What would be important is what they > _don't_ do for PostgreSQL. > > o Trademark > > Marc Fournier owns the PostgreSQL trademark and domain names. He could > be attacked, perhaps by hiring him to do a job, causing it to fail, then > suing him to obtain the trademark, and therefore the right to own the > domain names. The trademark has not been enforced, and it would be hard > to enforce at this stage, but I think it would be effective in gaining > control of the domain names. > > o Patents > > Most technology people agree the software patent system is broken, but > it could be a potent weapon against us, though we have shown we can > efficiently remove patent issue from our code. > > > There is probably nothing Oracle can do to permanently harm us, but > there are a variety of things they can do to temporarily slow us down, > and it is likely a attempt will be made in the future. There are also > possible threats to PostgreSQL support companies, though they are > somewhat independent of the project. > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@xxxxxxxxxxxxxxxx | (610) 359-1001 > + If your life is a hard drive, | 13 Roberts Road > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > > ---------------------------(end of broadcast)--------------------------- > TIP 1: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your > message can get through to the mailing list cleanly > -- Bruce Momjian | http://candle.pha.pa.us pgman@xxxxxxxxxxxxxxxx | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq