From: Jim Choate <ravage@EINSTEIN.ssz.com>
Date: Tue, 29 Sep 1998 08:02:57 +0800
To: cypherpunks@EINSTEIN.ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: GPL & commercial software, the critical distinction (fwd)
Message-ID: <199809291302.IAA06395@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Tue, 29 Sep 1998 08:14:50 -0400
> From: Adam Shostack <adam@homeport.org>
> Subject: Re: GPL & commercial software, the critical distinction (fwd)

> On Mon, Sep 28, 1998 at 07:09:51PM -0500, Jim Choate wrote:
> | 
> | The problem with your interpretation is that in a sense you want your cake and
> | eat it too. In short you want to be able to use somebody elses code in your
> | product without their having a say in how their code is used or receiving a
> | cut of the profits. The GPL/LGPL is specificaly designed to prevent this.
> 
> 
> 	I'll suggest that in a security context, having ones cake and
> eating it too may not be such a bad thing.

Only if you're the author or publisher and your goal is to watch your bank
account grow to exclusion of all else, everybody else gets screwed.

>  If I can develop a
> commercial product with crypto code thats been made available to the
> community, then there is a lower chance the code will contain bogosity 
> in its security critical functions.
> 
> 	The GPL (not the LGPL) specifically prevents this with the
> best of intentions.

Prevents what, releasing commercial code within a L/GPL'ed context? No, it
doesn't. What it does do is *guarantee* that the customer has some chance of
understanding what his code does (it's called code review and is highly
regarded in crypto algorithm analysis circles) and makes sure the original
L/GPL'ed holder has a stake in any commercial ventures the *source* code is
used in.

I'd say that's a win-win for everyone except those who want something for
nothing so they can buy a new expensive do-dad.

I'll say it again, neither the GPL or the LGPL prevent fully commercial
code development. *HOWEVER* to do that within the context *requires* that
the API to your commercial applications be released and available. This is a
good thing. The only objection to releasing an API is to stifle competition,
*THAT* is a bad thing.

The idea from a free-market perspective:

The idea is that while the actual source code is protectable the API is not
so that *fair* competition can be ensured. The whole free-market theory
must exist in a fairly competitive market. In the context of software that
means full and open API's so that alternate but compatible libraries can
exist and the consumer (not the manufacturer, the hallmark of a
competitively impoverished market) can decide which is the most reliable and
stable version.

Had Microsoft, for example, been required to publish their API's by the
market we wouldn't be spending all this effort and money on the current
proceedings. That would be a win-win for everyone (well except Bill who
probably wouldn't be worth a value equivalent to the holdings of 40+M US
citizens combined).

Anyone who objects to published API's is aware their code is trivial and not
worth it's price or their code is written poorly and easily improved upon.

Bottem line, if you believe in a free-market (which requires fair
competition to work and prevent monopolies) and object to releasing your
API's then you're a hypocrit.

Having your cake and eating it too *never* works, except in Wonderland.

There should be no objection to making oneself wealthy, but not at the
expense of others. Let the quality of your product define your reputation,
not your greed. Become the best supplier of niche code there is because the
code is well fast, failure tolerant, and reliable - not because you've
managed to squeeze all potential competitors out.


    ____________________________________________________________________

                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------