[License-discuss] Coordinated release of security vulnerability information.

Thorsten Glaser tg at mirbsd.de
Thu Aug 22 16:27:19 UTC 2019


VanL dixit:

>What would everyone here think of the following exception to the CAL's
>requirement to provide source code:

It might address the topic, but I have a really hard time wrapping
my head around all the restrictions and terms used.

I’d like to argue in favour of a general grace period before
releasing the source, but I can see why you’d not want that.
I can’t do the mental exercises necessary to think about less
complex/restrictive conditions for that clause, though. Think
from the perspective of a user of your software… perhaps they
might not actively participate in the coordinated disclosure
(merely get the embargoed patch from someone who does, which
incidentally must also be possible) or something. Similar for
the others.

bye,
//mirabilos
-- 
21:12⎜<Vutral> sogar bei opensolaris haben die von der community so
ziemlich jeden mist eingebaut │ man sollte unices nich so machen das
desktopuser zuviel intresse kriegen │ das macht die code base kaputt
21:13⎜<Vutral:#MirBSD> linux war früher auch mal besser :D



More information about the License-discuss mailing list