Question on OSD #5

Chris Travers chris.travers at gmail.com
Sun Nov 25 02:03:17 UTC 2007


On Nov 24, 2007 5:40 PM, Matthew Flaschen <matthew.flaschen at gatech.edu> wrote:
> Chris Travers wrote:

> The key point is that it needs to remain private.  If an NSA agent makes
> classified modifications to the Linux kernel and gives them to another
> agent, that's fine under the GPL, since private modification is allowed,
> and NSA is a single entity.
>
> However, if the NSA wants to distribute outside their organization, they
> can't put any additional restrictions on the code.  It doesn't matter
> /how/ it is transmitted out.  Once it leaves the entity (NSA in this
> case), it can be freely distributed by the recipient.

That is more or less the line I was drawing.  The idea is that secrets
can be kept secret without violating open source, and that  the
enforcement of secrecy rules is sort of beyond our discussion.

However, I would say that the entity is actually the US government in
this case, not the NSA, and they would be allowed to distribute to
other government agencies.

>
> That doesn't mean they /will/ distribute it, and there can be informal
> understandings not to, but I believe any legal requirement not to would
> be a GPL violation.

But suppose it is distributed without permission.  I.e. if I make
private modifications of a GPL'd application and one of my employees
steals and publishes it, it would seem to me that my employee (and all
downstream distributors) might well be guilty of copyright
infringement, and my employee might well be guilty of violating trade
secret protections depending on the nature of the modifications.  If
patents were involved, such clandestine distribution would not
automatically license the patents, by my reading.

In short it would have to be intentional distribution.  Accidental
distribution or theft of secrets would not qualify.

IANAL, etc.

Best WIshes,
Chris Travers



More information about the License-discuss mailing list