[License-discuss] Coordinated release of security vulnerability information.

Brendan Hickey brendan.m.hickey at gmail.com
Thu Aug 22 18:27:50 UTC 2019


Bruce,

The dissident test is relevant even to people who do not currently face
summary execution. Think of any person or organization on this side of the
law that may be a nuisance to state actors. Journalists, NGOs, public
intellectuals. These people exist within institutions, like universities
and newspapers, which demand that everything they do be above board.
Besides, asking them to tip their hands and reveal what software they use
leaks information about what they're doing and increases the attack surface
for state-sponsored cyber attacks.

These dissidents really do exist. I'd appreciate it if you didn't make it
infinitesimally harder to protect them.

Brendan

On Thu, Aug 22, 2019, 14:10 Thorsten Glaser <tg at mirbsd.de> wrote:

> Bruce Perens via License-discuss dixit:
>
> >As a software author, and in order to best support my community, I should
> >see security information about my own software as soon as possible. Thus,
> […]
> >So, I am not so inclined to value the Insurgent test, or whatever it's
> >called. It's fantastical in nature since such insurgents would not be
> >restrained by copyright considerations, but by much more severe national
> >law including consequences such as execution or imprisonment in the gulag.
>
> Yes, they would.
>
>
> I think we’ve arrived at the point where the mission of OSI and Debian
> diverge, even if the OSD and DFSG don’t:
>
> In Debian, the priorities are “our users” (cf. Social Contract), not
> the software, nor the licences, nor the authors of the software.
>
> As such, if you insist on your perceived rights as software authors,
> and the OSI were to allow such a licence, we’d run into the unfortunate
> situation that this software cannot be included in Debian, which is a
> precedent for other distributions.
>
> (Same for MirBSD really, but the BSDs don’t want to allow new code
> under non-Copyfree licences anyway. Therefore the discussion has more
> places where I have to argue with my DD hat.)
>
>
> I ask for OSI to not allow such requirements (restrictions) into
> approved licences, even if they may be permissible from some reading
> of the OSD, due to the mismatch with community standards.
>
> I carry a list of free licence lists, which would have to exclude it;
> it already has a few exclusions in places where the various bodies
> differ, and a not-licence (PD statement ineffective internationally)
> accidentally listed as Copyfree, and it’d be sad if that has to grow.
> See http://www.mirbsd.org/FreeLicenceLists.htm if interested;
> improvements welcome.
>
> bye,
> //mirabilos
> --
> I believe no one can invent an algorithm. One just happens to hit upon it
> when God enlightens him. Or only God invents algorithms, we merely copy
> them.
> If you don't believe in God, just consider God as Nature if you won't deny
> existence.              -- Coywolf Qi Hunt