| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403011820.i21IK5Lh000980@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: The Trillian GPL violation allegations are confirmed false. On Sun, 29 Feb 2004 01:54:51 +0100, Tobias Weisserth <tobias@...sserth.de> said: (Note - although my name got dragged into this, I'm not at all privy to what the actual Trillian code looks like... I just contributed a Gaim "off by one" fix that happened to be in the code section in question). > Question: If Cerulean Studios let GAIM use parts of their codebase, how > can the GAIM people license this under the GPL? Because I'm told they shared *algorithms*, not actual code. And copyright and GPL don't enter into it. "What you need to do is loop across the packet while doing this..." You might still have patent or trade-secret issues, but there's no copyright issue at that point. > There are enough clients that can connect to the Yahoo network and which > haven't been vulnerable to the GAIM exploits (which were buffer > overflows mainly if I remember correctly). If the shared algorithm had a bug (such as "oh, and don't forget to do this") then of course both implementations will be broken. Bugs can creep through even the best Chinese-wall development - if the original has a bug, the team doing the reverse engineering will probably have the bug in the specs that get handed across the wall, and as a result the code written will be bug-compatible. At a previous gig, a co-worker of mine wrote an emulator for a Tektronix 4027 graphics terminal to run on a Zenith Z-100. Working only from published specs and "what does a real 4027 scribble on the screen" he found his program produced different results for certain color-fill operations with some complex self-intersecting polygons - which he tracked down to a bug in the 4027 firmware, and then reproduced in his software to be bug-compatible. All without access to any proprietary Tektronix information.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040301/53329aa1/attachment.bin
Powered by blists - more mailing lists