0

Strange title but let me explain.

I have an on-premise software (Millions of installs) that uses all embedded versions of Firebird since 2.5. They are all in there for easy backup/restore cycles when updating from all previous versions of my software because the users of this software are rather not admin level people. So what's needed here is backups from at best all old Firebird version to be able to restore them as the most current Firebird version.

But in this security aware getting world everyone uses security scanners now on their systems and there the problem begins. Firebird 3 uses the MSVC++ 2010 runtime and that one is end of life and will be detected and companys start refusing to update/use the software because of that (somewhat understandable). Even if Firebird 3 itself is supported and not EOL its dependencies are and i need to deliver those to get at least gbak of FB3 working.

So the questions is about the options to get a backup of a Firebird 3 database without the End of Life Runtime dependency of it if possible?

  • recompiling gbak targeting a different runtime (complexity?)
  • 3rd party backup tools that know most ODS versions?
  • newer FB version with a gbak tool knowing most ODS versions?
asked Aug 16, 2024 at 12:16

1 Answer 1

1

The only solution in this situation is compiling of Firebird 3 with a modern compiler. You can do it yourself or get an artifact from GitHub CI action such as this one where MSVC 2022 is used.

But I'm afraid that using of a self-compiled software won't pass the security checks as well.

answered Aug 16, 2024 at 12:45
6
  • Thanks. Will dive into that. The linked build process uses VS2022 build tools but still the old 2010 runtime so need to change more then the compiler. Self compiled shouldn't be problem if properly signed. It might rather be a licensing question if that's allowed by the firebird guys or not. But will have a look at that also. Commented Aug 16, 2024 at 14:31
  • There'll be no problem with compiling yourself - the Firbird licence is quite liberal! But ask on the lists to be sure, but it's not far off a MIT/BSD style... (IANAL!). Commented Aug 16, 2024 at 16:27
  • @Vérace It is more like the Mozilla Public License (in fact, it is effectively a rebranded MPL (1.1 IIRC)) Commented Aug 17, 2024 at 8:29
  • @MarkRotteveel but liberal enough nonetheless? What can't be done with the code? AFAICS, closed source commercial forks are allowed, so how is it different from a BSD/MIT licence? Commented Aug 17, 2024 at 10:31
  • @Vérace Liberal enough to do so, yes, but as I understand it the BSD/MIT license are far more liberal (and simple). Commented Aug 17, 2024 at 10:36

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.