lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Sep 2007 20:02:30 +0200
From:	Paul de Weerd <weerd@...rdnet.nl>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	Paul de Weerd <weerd@...rdnet.nl>,
	"Can E. Acar" <can.acar@...-g.com.tr>, misc@...nbsd.org,
	linux-kernel@...r.kernel.org,
	Daniel Hazelton <dhazelton@...er.net>,
	Eben Moglen <moglen@...twarefreedom.org>,
	Lawrence Lessig <lessig_from_web@...ox.com>,
	"Bradley M. Kuhn" <bkuhn@...twarefreedom.org>,
	Matt Norwood <norwood@...twarefreedom.org>
Subject: Re: Wasting our Freedom

On Mon, Sep 17, 2007 at 05:38:46PM +0200, Adrian Bunk wrote:
| > Something is wrong if your licence text clearly states that you MUST
| > give back, but then you don't return the favour on grounds that "hey,
| > they don't require it, so we don't have to".
| >...
| 
| The GPL doesn't require to give back under a licence that gives less 
| protection for the code than the GPL does.

It does not, I may not have been explicit but this is what I was
alluding to. It was, in fact, what I was pointing out. Your preferred
licence doesn't require it, so you don't do it. [and by you, I do not
mean you in person]

| If you take the BSD licence seriously you don't request to get anything 
| back on moral grounds.

I do take the BSD licence serious and I do not request to get anything
back on any BSD-grounds (moral, legal, other). I was referring to the
GPL's "you must share" attitude that isn't reciprocal.

I'm not making any arguments against any (commercial) user of BSD
licenced code on moral (or legal or other) grounds that they should
give back. I am (and I think others too, but I do not wish to speak
for them) trying to make an argument based on the 'share'-nature of
the GPL that doesn't give back the freedom of BSD licenced code.

| If you take the GPL seriously you don't want your modifications being 
| available with less protection.

If you have respect for both licences and you don't want your code
available with less protection, rewrite. BSD developers have done so
for various GPL licenced programs. After having used GPL licenced code
for some time, some developer decides that he prefers another licence
and does a rewrite. Linux Kernel Developers have it easier in this
respect. They do not have to rewrite - they can take BSD licenced code
and use it in their kernel without changing the licence or needing a
rewrite [or so I've understood - IANAL].

If you use someone else's code, show this fellow free software / open
source developer some respect and give back as freely as you received.
This respect is enforced in the GPL, the BSD doesn't even mention it.
BSD folks tend to have lots of respect for good code and they try to
respect licences [not making any observations about other folks or
other subjects here, this is based on my personal observations]

I'm clearly not saying you must give back, legally [but still, IANAL].
I'm saying you should give back as freely as you received, out of
respect. Someone else already mentioned it : Just because you can take
BSD licenced code and do (almost) whatever you wish, doesn't mean you
should. Leave that up to the Big Evil Corps (the ones that also use
GPL'ed code without giving back, btw).

| In reality, where it makes sense technically, it's quite likely that an 
| author will make his modifications, or even a completely self-written 
| driver, also available under the terms of the BSD licence when asked in 
| a friendly way.

This, of course, would be perfect. But in all fairness, why then
release anything under the GPL ? Please, don't get me wrong, I respect
the GPL and the Linux kernel and especially each developers choice of
licence, but I doubt it's that easy (of course, on a case-by-case
basis, there's nothing to lose).

Cheers,

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ