For Approval: Public Security Interrest "PSI" License

Alex Russell alex at
Fri Sep 12 15:31:53 UTC 2003

On Friday 12 September 2003 07:08, you wrote:
> Wolfram Kleff scripsit:
> > S1. You may not violate the security of this software, its ideas,
> >     its protocols or structures.
> Not testable.  How do you know whether a change "violates the security"?

Additionally, he has failed to define "security". The traditional definitions 
include any number of properties that must be enforced togeather in order to 
insure some level of trustability as absolute trustability is not acheivable 
with current methods and technology. Think about it, if a system is 
misconfigured, do you loose your license even if the core software is 
"secure"? Also, given the language in S4, does it imply that when you better 
learn to secure an environment that you are compelled to do so for the system 
in which this code is running or you'll loose your license? Is your best 
course of action then to remain ignorant?

Failing to outline what "security" means and what to breach it means should be 
enough to clobber this license as proposed. It is overly vague and puts 
onerous and un-meetable restrictions on the user as the definition of what is 
secure is necessarialy dependant on security target, installation 
environment, and configuration.

Even more onerous than this, to my mind, is the requirement of a "secure 
processing environment" this is verifiable. S4 seems to imply that all 
designs from the UART design on up of the system must be public. This is not 
practicable in most non-governmental environments.


Alex Russell
alex at    BD10 7AFC 87F6 63F9 1691 83FA 9884 3A15 AFC9 61B7
alex at  F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46
license-discuss archive is at

More information about the License-discuss mailing list