[CAVO] STAR Vote
Lawrence Rosen
lrosen at rosenlaw.com
Fri May 29 17:22:30 UTC 2015
What Dan Wallach says about open source licensing below is correct, although I don't blame the problem on lawyers for MIT, Apache, or even Android. :-)
As long as software for voting and election is available to everyone under an OSI-approved FOSS license, we should be comfortable with that.
ANY OSI-approved FOSS license! Recommending a specific open source license at this stage is kind of foolish. It depends a lot on the preferences of the developers and their customers, and on the characteristics of the software itself.
But for CAVO, the license must be open source and thus on the OSI-approved list. The OSET Foundation license (OPL) has never been submitted for OSI approval. We can't use it.
The reason I recommended the GPLv3 license for CAVO is because that license is enthusiastically supported by many people around the world. They "trust" the GPL license to create secure software. They are confident that such software will "remain always" free. But that isn't the only license for free software. And it isn't the only OSI-approved license that people trust.
/Larry
Lawrence Rosen
"If this were legal advice it would have been accompanied by a bill."
From: Brent Turner [mailto:turnerbrentm at gmail.com]
Sent: Friday, May 29, 2015 9:11 AM
To: Dan Wallach; Brian Fox; Lawrence Rosen; Tim Mayer; CAVO
Cc: Bryce Eakin (bryce.eakin at gmail.com); Ronald Morgan; Michael Winn; Michelle Parker; Jan Soifer (jsoifer at oconnellsoifer.com); Dana Debeauvoir
Subject: Re: [CAVO] STAR Vote
Checking in on any updates here-
Best-
Brent
On Thu, Apr 30, 2015 at 12:26 PM, Dan Wallach <dwallach at cs.rice.edu <mailto:dwallach at cs.rice.edu> > wrote:
I can't speak on behalf of Travis County, but I can explain why we're talking about "suitable open source license" rather than picking a specific one. In short, because lawyers. That's why MIT did their own. That's why Apache did their own. Ditto for Android. It's too early in the game to write down specific legal language. Instead, what matters is that we talk about our intent.
The idea behind pointing specifically to the vote verification machinery as distinct from the rest of the voting machine is that we haven't nailed down the business specifics yet. That depends, in no small part, on who's paying for it. However, it's essential to the security model that independent third parties have the data and tools necessary to verify the cryptographic aspects of the election, and the best way to make that happen is to develop code that's easy to give away. (Again, under a "suitable" open source license.) The intent is that the Democrats, the Republicans, the newspapers, the League of Women Voters, etc., can take the reference code and build their own bespoke web services or whatever else.
Thanks,
Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20150529/40d7e948/attachment.html>
More information about the CAVO
mailing list