For Approval: Public Security Interest "PSI" License
Alex Russell
alex at netWindows.org
Fri Sep 12 15:31:53 UTC 2003
On Friday 12 September 2003 07:08, you wrote:
> Wolfram Kleff scripsit:
> > S1. You may not violate the security of this software, its ideas,
> > its protocols or structures.
>
> Not testable. How do you know whether a change "violates the security"?
Additionally, he has failed to define "security". The traditional definitions
include any number of properties that must be enforced together in order to
ensure some level of trustability, as absolute trustability is not achievable
with current methods and technology. Think about it, if a system is
misconfigured, do you lose your license even if the core software is
"secure"? Also, given the language in S4, does it imply that when you better
learn to secure an environment that you are compelled to do so for the system
in which this code is running or you'll lose your license? Is your best
course of action then to remain ignorant?

Failing to outline what "security" means and what to breach it means should be
enough to clobber this license as proposed. It is overly vague and puts
onerous and un-meetable restrictions on the user as the definition of what is
secure is necessarily dependent on security target, installation
environment, and configuration.

Even more onerous than this, to my mind, is the requirement of a "secure
processing environment" that is verifiable. S4 seems to imply that all
designs from the UART design on up of the system must be public. This is not
practicable in most non-governmental environments.

Regards.
--
Alex Russell
alex at burstlib.net BD10 7AFC 87F6 63F9 1691 83FA 9884 3A15 AFC9 61B7
alex at netWindows.org F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3