lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 06 Oct 2011 10:01:09 -0400
From: Valdis.Kletnieks@...edu
To: root <root_@...ertel.com.ar>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New open source Security Framework

On Thu, 06 Oct 2011 00:34:00 -0300, root said:

> You don't have the faintest idea of how licencing works. You cannot slap
> a GPL v3 license to any software you see, much less erase the author's
> names. If you find a code in the internet without any license, you
> pretty much can't touch it, and must re-implement it completely.

In particular, if code was written in a country that's a signatory to the Berne
conventions, it's usually somewhere between very difficult and impossible to
actually place a software work in the public domain - at least under US law,
even putting an explicit "This work is hereby placed in the public domain"
quite likely does *NOT* suffice - the only two clear ways to public domain in
the US are expiration of the "lifetime of the author plus 75 years" copyright,
and "works for hire by a US federal government employee as part of his duties"
(so, for instance, NASA photographs are public domain - but photos of NASA
activities taken by non-NASA photographers probably aren't).

Also, smart programmers *don't* release their code into the public domain -
that means that anybody can do anything with it. And that includes stealing it,
using it to make tons of money, and then suing you if they discover a bug.  The
original reason for the BSD and X11 licenses was because you can't stick a
"hold harmless" clause on something you public-domain.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ