Fwd: Re: Updated license - please comment
Chuck Swiger
chuck at codefab.com
Mon Jun 23 18:08:24 UTC 2003
David Presotto wrote:
[ ... ]
> I understand where someone wouldn't want their code destroyed, perverted,
> whatever. However, broken or malicious is a bit of a judgement call, is
> it not? I have a hard time seeing where the line would be drawn.

I agree with you that it's hard to draw the line exactly.
Furthermore, I bet there will exist ambiguous cases regardless of where the line
*is* drawn. However, I submit that there also exist unambiguous cases of
"broken or malicious" distributions of software, such as those identified by
CERT (http://www.cert.org/advisories/):

  CA-2002-30: Trojan Horse tcpdump and libpcap Distributions
  CA-2002-28: Trojan Horse Sendmail Distribution
  CA-2002-24: Trojan Horse OpenSSH Distribution

> OSD #4 already provides a way for an author to distinguish what constitutes
> an `authentic' version. Might that not be enough? Then a body (person
> whatever) can bless the authentic/proven-correct/secure/whatever version
> but everyone can still distribute modifications.

I'm not sure, so I guess I need to think more about this. :-)

In the case where someone wants to fork a new version of a project for "good
reasons" (left undefined due to the problem of 'drawing the line exactly'), and
clearly distinguishes their version from the parent project, that should be
permitted by all open source software.

I think a canonical example of this would be the XEmacs project compared with
GNU Emacs: the forked version is clearly identified, provides a clear
justification/raison d'etre, provides reference back to the parent project, etc.

If RMS were to claim that XEmacs was a "deliberately broken or malicious
distribution of GNU Emacs" and ask for a legal injunction for RCN.net to take
down the XEmacs site, the XEmacs authors could respond, and the judge could
decide whether the XEmacs project was violating the GPL. The answer in this
case should be no, of course.

On the other hand, the people breaking into sites to trojan sendmail or OpenSSH
are highly unlikely to want to be identified, and thus aren't going to contest
if the authors of sendmail don't want a trojaned sendmail distribution distributed.

--
-Chuck
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3