For Approval: Public Security Interrest "PSI" License
Wolfram Kleff
xenonfs at users.sourceforge.net
Fri Sep 12 23:20:04 UTC 2003
> > S1. You may not violate the security of this software, its ideas,
> > its protocols or structures.
>
> Not testable. How do you know whether a change "violates the security"?
I think its obvious:
A really simple example:
A patch tries to change
f=open("/dev/random")
to
f=open("/dev/zero")
in keygeneration...
(If you aren't familiar with cryptography: This means that the security is
easily broken because everything is encrypted with a zero-bit key.)
With GPL it would be no problem to distribute such stuff and the author(s)
have no chance to prevent such distribution!
Please consider that the PSI license is intended for high-security and
critical software, not for "normal" software.
Yes, it is testable for people who know every bit of the software.
(Hopefully the original author... ;-)
> > The remaining Terms and Conditions are taken and adapted/modified from
> > the GPL to meet the above criteria:
>
> What you have here is a derivative work of the GPL,
No: It _is_ the GPL - no "derivative work"!
Only some parts needed to be adapted to the Security Criteria which have
priority.
The PSI core rules "S" are strictly separated from the GPL "G".
And to my knowledge GPL doesn't focus on security aspects in any way. PSI only
changes critical security aspects in GPL which aren't covered.
So I don't see a problem here.
> and you need FSF
> permission to make such a thing, since the license of the GPL does not
> grant you that right.
As stated above I don't see a violation like "derivative work".
If FSF really thinks so, they should explain it please.
Do you have the right to speak for FSF in legal matters?
If so, please be more specific whats wrong here.
BTW:
There are many "Open Source" licenses on opensource.org but I don't see anyone
focusing on security, or have I missed one?
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3
More information about the License-discuss
mailing list