For Approval: Public Security Interest "PSI" License

Wolfram Kleff xenonfs at users.sourceforge.net
Fri Sep 12 23:20:04 UTC 2003


> > S1. You may not violate the security of this software, its ideas,
> >     its protocols or structures.
>
> Not testable.  How do you know whether a change "violates the security"?

I think it's obvious:
A really simple example:
A patch tries to change
f=open("/dev/random")
to
f=open("/dev/zero")
in key generation...
(If you aren't familiar with cryptography: This means that the security is 
easily broken because everything is encrypted with a zero-bit key.)
With GPL it would be no problem to distribute such stuff and the author(s) 
have no chance to prevent such distribution!
Please consider that the PSI license is intended for high-security and 
critical software, not for "normal" software.

Yes, it is testable for people who know every bit of the software.
(Hopefully the original author... ;-)

> > The remaining Terms and Conditions are taken and adapted/modified from
> > the GPL to meet the above criteria:
>
> What you have here is a derivative work of the GPL,

No: It _is_ the GPL - no "derivative work"!
Only some parts needed to be adapted to the Security Criteria which have 
priority.
The PSI core rules "S" are strictly separated from the GPL "G".
And to my knowledge GPL doesn't focus on security aspects in any way. PSI only 
changes critical security aspects in GPL which aren't covered.
So I don't see a problem here.

> and you need FSF
> permission to make such a thing, since the license of the GPL does not
> grant you that right.

As stated above I don't see a violation like "derivative work".
If FSF really thinks so, they should explain it please.
Do you have the right to speak for FSF in legal matters?
If so, please be more specific about what's wrong here.

BTW:
There are many "Open Source" licenses on opensource.org but I don't see anyone 
focusing on security, or have I missed one?

--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3


