lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 6 Oct 2011 19:40:00 -0400
From: Jeffrey Walton <noloader@...il.com>
To: "Zach C." <fxchip@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: New open source Security Framework

On Thu, Oct 6, 2011 at 6:35 PM, Zach C. <fxchip@...il.com> wrote:
> Re: putting things in the public domain: Daniel J. Bernstein and Lawrence
> Rosen (of Creative Commons fame, I believe) seem to disagree with you on
> that: http://cr.yp.to/publicdomain.html
>
> Plus, pretty much the only 'license' djb uses is public domain, so qmail,
> djbdns, etc. are all public domain. Incidentally, SQLite (*not* written by
> djb) is *also* public domain, and very widely used, too.
Crypto++ is also public domain.

> As for being sued for public domain code... I would say it is hard to sue an
> owner that does not exist (which is what public domain seems to do). Plus,
> they would probably have to prove malice or something.
I would not put anything past the lawyers.

Jeff

> On Oct 6, 2011 7:02 AM, <Valdis.Kletnieks@...edu> wrote:
>> On Thu, 06 Oct 2011 00:34:00 -0300, root said:
>>
>>> You don't have the faintest idea of how licencing works. You cannot slap
>>> a GPL v3 license to any software you see, much less erase the author's
>>> names. If you find a code in the internet without any license, you
>>> pretty much can't touch it, and must re-implement it completely.
>>
>> In particular, if code was written in a country that's a signatory to the
>> Berne
>> conventions, it's usually somewhere between very difficult and impossible
>> to
>> actually place a software work in the public domain - at least under US
>> law,
>> even putting an explicit "This work is hereby placed in the public domain"
>> quite likely does *NOT* suffice - the only two clear ways to public domain
>> in
>> the US are expiration of the "lifetime of the author plus 75 years"
>> copyright,
>> and "works for hire by a US federal government employee as part of his
>> duties"
>> (so, for instance, NASA photographs are public domain - but photos of NASA
>> activities taken by non-NASA photographers probably aren't).
>>
>> Also, smart programmers *don't* release their code into the public domain
>> -
>> that means that anybody can do anything with it. And that includes
>> stealing it,
>> using it to make tons of money, and then suing you if they discover a bug.
>> The
>> original reason for the BSD and X11 licenses was because you can't stick a
>> "hold harmless" clause on something you public-domain.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ