Tell that to Susanna Hupp after the Luby's shooting. She watched a gunman shoot both of her parents, while her gun was lawfully elsewhere, it was illegal at the time to conceal carry in Texas.

Statistics show taking guns away causes an increase in violent crime... See Australia and England
Statistics show that allowing for more lawful firearm posession (concealed carry) tends to reduce violent crime... See Florida, Texas etc.

The bottom line really comes down to this... Do you want to have a 100% guarantee that a criminal can shoot you with impunity, or a chance to protect your life... Tell that to Susanna Hupp after the Luby's shooting.

Who will they blame when gun violence goes up?

While technically true, this argument does fall apart when a company such as Oracle rebrands RHEL into OEL, then goes on the offensive against RHEL/Red Hat when they don't have much of a team of developers to continue developing OEL should the hypothetical, but very unlikely, situation of Red Hat going away. In a situation such as that it's kind of like Oracle is biting the hand that feeds it.... CentOS on the other hand rebrands RHEL, but does not try to present themselves as the main proprietor of the distribution. In addition the CentOS community does try to push bug reports upstream when possible.

Not quite....

Technically, Red Hat's "product" is a compiled copy the Linux kernel and associated Open Source Packages required to create a working operating system. Yes the source is free, and Red Hat does follow through on the GPL obligations, but on it's own the source is useless, you can't actually use it without you or someone else spending the time and effort to compile it first. Thus Red Hat is "selling" a compiled and packaged form of the associated source code, however it's sold in the form of a subscription which includes access to software updates and some level of support.

Red Hat has a poster in almost every office quoting Ghandi:
First they ignore You
Then they laugh at you
They they fight you
Then you win.

That quote permeates most of Red Hat Culture.

Red Hat also announced that they will be donating $100,000 to each of the following organizations; Creative Commons, Electronic Frontier Foundation, Software Freedom Law Center and UNICEF Innovation Labs. http://www.redhat.com/about/news/archive/2012/3/A-billion-thanks-to-the-open-source-community-from-Red-Hat

If you're worried about a user jumping out of your app and then searching the Internet, and you're in a a testing setting, you should be looking at a wholistic approach.

Your students will break your application, it's only a matter of time. Use other approaches to make this a useless option.

1) Don't allow any Internet access from the network layer, at all, this includes DNS servers. Ideally your systems should be on a completely disconnected network, meaning there are absolutely no external network connections.

2) Use SELinux to lock down your system. SELinux uses a mandatory permissions model, meaning you *must* be granted permission to be able to do anything.

3) Lock down alternative means of cheating. Cell phones, paper notes and so forth.

4) Follow through with punishing cheating in an appropriate manner.

5) Listen to the feedback of your users (Instructors and Students). This may seem counter intuitive, but it can help you build a better system.

Before I came to Red Hat I had a similar opinion. When I worked in Silicon Valley I thought "Why would anyone want to pay for Red Hat, I can't afford it so that means it's expensive." However after being at Red Hat for over a year my opinion has changed, and that has been because of some things I have witnessed.

Support is one of the first things people think about, however there is a little more than meets the eye here. Let's start with the packages. Let's say there's a major exploit in SSHd, you will likely see a fix from Red Hat within a few days, which will then be available via RHN. The source to the rpm will also be available at ftp.redhat.com due to the GPL obligations. (More on the GPL and RH later.) At this point in time RH customers have the patch available, in this fictitious scenario let's say it took RH 3 days to release the patch from time of exploit publication. CentOS users still don't have the fix, plus CentOS operates somewhat as a "Black Box." You will get the fix when they get around to it, let's say that takes two weeks before it's released (Could be more could be less). That means your systems are vulnerable for about two weeks, in some shops that's an acceptable risk, in other places it's not.
* Support from people is the other thing that people think about. Have you ever had to call RH support? If yes have you ever talked with an idiot? In the many times I have called RH support I have not dealt with anyone who I felt was sub-standard. Most often the problem I have seen is when the clients I'm working with do not present RH support with the information required in a timely manner. When the answers come back they often link to other knowledge base articles and have clear steps to either solve the problem or to better understand some of the complexities. When a solution is found and there is not a KBase article I understand (I may have heard wrong here) that there is an obligation to write a KBase article. I know that tickets are reviewed after they are closed. One ticket I opened regarding Satellite for a customer is getting discussion amongst the Satellite developers about how to best handle the same scenario in the future.
* Support from Articles, this I feel is a real hidden Gem of RH. Nobody knows about it until you have a subscription, and then everyone is so used to using Google for their answers they forget to start here first. The KBase articles from RH are phenomenal! I had a customer ask me how to rebuild the RH ISO image to include their own KS script. I could Google and find 10 articles talking about much of what I'm looking for or search the KBase and find one article that has every step needed for modifying a RHEL disk to have the KS script on the disk.
* Training. Having been through a few RH training classes I can say they are all very good. Yes there are some areas where I have questioned the need to know some things, but that is normal, but I'm never left feeling like the class was a waste. I have always walked out having learned many things which I can use later.
* Consulting. Yes there are many open source consultants who can come onsite and help implement a solution or fix something, however how many of them have access to the people who wrote the Distro or maintain the upstream project? RH has an internal list just for technical questions, many of the engineers are on this list and very technical answers are delieverd. Often SAs (Solutions Architects) and Consultants will post questions their clients have asked. I have yet to see a response of "Why would you want to do that?" or "RTFM."
* Additional products. Red Hat takes upstream projects and repackages them to integrate tightly with RH. Satellite is one example, it comes from Spacewalk and is designed to help keep internal systems up to date and patched according to their channel assignment. Could you use Spacewalk to manage your CentOS machines, yes you can! However let's say you have a problem getting Spacewlak to work right, or there's a bug, what kind of support is available? Only the community, which means you are at the mercy of someone taking your issue and championing it so that it's fixed, or you take the time to learn the code and fix it.

CentOS *can* work. However when you need support or you find a major issue is when the luster of CentOS may fade. Also what happens when CentOS implodes again? Is your infrastructure worth that risk? For some environments that is acceptable, and only you know that answer for your environment. Also does your environment have to deal with compliance issues? Will CentOS meet those compliance issues in terms of auditing and support?

There's a lot more than meets the eye in the enterprise setting. If you haven't already, reach out to your SA. They are the technical people who are there to understand your needs and how RH can help fulfill those needs. In the end your CIO may feel that the above risks are acceptable, the only question then is would the stinky stuff flow downhill when that decision goes sideways and fall back on your head?

>His job is to maximize shareholder value. If that means settling for a lower price than the cost of pursuing a court case, that is what he is going to do.

f I had the points I'd mod your post up. :-)

You actually understand what is going on better than most people responding to this thread. It comes down to simple economics. If you can pay someone to shut up (and perhaps get a license for Open Source in general) for a fraction of what it would cost to have your legal team peruse it then it makes more sense to pay them the hush money than waste your legal team's efforts. In addition if you loose on a small fry the potential ramifications are huge as they ripple through the rest of of the patent system, which in part is built upon previous cases. Rather it makes much more sense to be strategic in dealing with those who are trolling.