[License-discuss] Coordinated release of security vulnerability information.

Bruce Perens bruce at perens.com
Thu Aug 22 18:54:40 UTC 2019


Brendan,

I understand that much effective prosecution of classical "gangsters" was
under tax-code violations rather than more severe criminal law, since
prospective witnesses were often murdered. So, although this is not to say
I'm "pro-gangster", I get your point. I am trying to balance the terms so
that the authors and community are not harmed and so that the license terms
are not a shield for companies that wish to profit from the sequestration
of security information.

    Thanks

    Bruce

On Thu, Aug 22, 2019 at 11:28 AM Brendan Hickey <brendan.m.hickey at gmail.com>
wrote:

> Bruce,
>
> The dissident test is relevant even to people who do not currently face
> summary execution. Think of any person or organization on this side of the
> law that may be a nuisance to state actors. Journalists, NGOs, public
> intellectuals. These people exist within institutions, like universities
> and newspapers, which demand that everything they do be above board.
> Besides, asking them to tip their hands and reveal what software they use
> leaks information about what they're doing and increases the attack surface
> for state-sponsored cyber attacks.
>
> These dissidents really do exist. I'd appreciate it if you didn't make it
> infinitesimally harder to protect them.
>
> Brendan
>
> On Thu, Aug 22, 2019, 14:10 Thorsten Glaser <tg at mirbsd.de> wrote:
>
>> Bruce Perens via License-discuss dixit:
>>
>> >As a software author, and in order to best support my community, I should
>> >see security information about my own software as soon as possible. Thus,
>> […]
>> >So, I am not so inclined to value the Insurgent test, or whatever it's
>> >called. It's fantastical in nature since such insurgents would not be
>> >restrained by copyright considerations, but by much more severe national
>> >law including consequences such as execution or imprisonment in the
>> >gulag.
>>
>> Yes, they would.
>>
>>
>> I think we’ve arrived at the point where the mission of OSI and Debian
>> diverge, even if the OSD and DFSG don’t:
>>
>> In Debian, the priorities are “our users” (cf. Social Contract), not
>> the software, nor the licences, nor the authors of the software.
>>
>> As such, if you insist on your perceived rights as software authors,
>> and the OSI were to allow such a licence, we’d run into the unfortunate
>> situation that this software cannot be included in Debian, which is a
>> precedent for other distributions.
>>
>> (Same for MirBSD really, but the BSDs don’t want to allow new code
>> under non-Copyfree licences anyway. Therefore the discussion has more
>> places where I have to argue with my DD hat.)
>>
>>
>> I ask for OSI to not allow such requirements (restrictions) into
>> approved licences, even if they may be permissible from some reading
>> of the OSD, due to the mismatch with community standards.
>>
>> I carry a list of free licence lists, which would have to exclude it;
>> it already has a few exclusions in places where the various bodies
>> differ, and a not-licence (PD statement ineffective internationally)
>> accidentally listed as Copyfree, and it’d be sad if that has to grow.
>> See http://www.mirbsd.org/FreeLicenceLists.htm if interested;
>> improvements welcome.
>>
>> bye,
>> //mirabilos
>> --
>> I believe no one can invent an algorithm. One just happens to hit upon it
>> when God enlightens him. Or only God invents algorithms, we merely copy
>> them.
>> If you don't believe in God, just consider God as Nature if you won't deny
>> existence.              -- Coywolf Qi Hunt
>>
>> _______________________________________________
>> License-discuss mailing list
>> License-discuss at lists.opensource.org
>>
>> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
>>


-- 
Bruce Perens - Partner, OSS.Capital.