On Fri, Mar 20, 2015 at 8:06 PM, Ish Sookun <ish_at_hacklog.in> wrote:
> 2015-03-20 23:46 GMT+04:00 Loganaden Velvindron <loganaden_at_gmail.com>:
>>
>>
>> When it comes to National Security, we cannot talk about
>> sub-contracting the work. I'm not comfortable with the idea of a
>> Mauritian Registry whose implementation was left to a non-Mauritian
>> group which can potentially insert a backdoor for passive
>> surveillance.
>
>
> Did you voice out the same when Government Web Portal was sub-contracted to
> an Egyptian company LinkDev[1]?
> Did I mention non-Mauritian sub-contracting?
>
> I give you a scenario, say SM, I and a couple few other people work on this
> proposal and we have to implement it. We choose to hire you as a developer
> to code a plugin that could provide us custom stats from Bind. You don't
> know the rest of the infrastructure. You're given a specific task. Your code
> is then audited by several other people. Tell me the point at which there
> will be a security flaw? There could be, you tell me.
That would be a contractual agreement. Once I'm done writing the
plugin, I would move to another project. You can't expect a contractor
to be held responsible once the product is shipped, because of some
bug that later turned out to be a security vulnerability. If such is
the case, and at the same time, I'm getting a better contract with
another client, then, I would go work where there is more money, and
choose the other contract.
However, when a person is an employee, he will have to answer later
on. That's what we are looking for here: a structure put in place
where the employee(s) work full-time, drive the project, and maintain
it. We don't want changing sub-contractors after each feature
request/major rewrite, and be left with legacy code, and layers and
layers of code added on by later developers who have no clue what the
previous developer did.
For the new .mu to be successful in the long term, we need employees
who will commit themselves in the long term, and lay down a strong
foundation and a well-executed growth plan.
>
>> I would expect the employee to come with a sensible design, and drive
>> the implementation and deployment. This would help for accountability:
>> That employee cannot blame it on a sub-contractor.
>
>
> Irrelevant to the initial discussion where SM asked me if I would be willing
> to write a proposal for free. You're taking the thread out of proportion
> till it will just explode.
>
>>
>> I believe that salaries are adjusted periodically for inflation, and
>> therefore cannot be a one-time cost.
>
>
> Nope buddy. The first year, you paid for hardware, consultancy +
> implentation & training (handing over). The recurrent caters for the people
> having been trained to look after. That's what is summed up in the cost
> breakdown.
>
> Consultancy & training fees are not recurrent. That is where the job of the
> "people having written a proposal" ends :-)
>
> If I write part of a proposal, it doesn't mean I will sit on top of the
> hardware & software for the rest of my life.
>
> [1]
> http://www.linkdev.com/news-room/press-releases/link-development-celebrates-the-launch-of-mauritius-e-governement-portal
>
> Regards,
>
> Ish Sookun
>
> - Geek by birth, Linux by choice.
> +-+-+-+-+-+-+-+-+-+-+
> |H|A|C|K|L|O|G|.|i|n|
> +-+-+-+-+-+-+-+-+-+-+
>
> https://twitter.com/IshSookun ^^ Do you tweet?
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Received on Sat Mar 21 2015 - 06:51:32 PST