From: Adam Shostack <adam@homeport.org>
To: Jim Choate <cypherpunks@EINSTEIN.ssz.com>
Message Hash: a90146c387be29007d107819b707b758c7a2074c1a9255050961d557be1e7766
Message ID: <19980929103338.A4370@weathership.homeport.org>
Reply To: <199809291302.IAA06395@einstein.ssz.com>
UTC Datetime: 1998-09-29 01:34:02 UTC
Raw Date: Tue, 29 Sep 1998 09:34:02 +0800
Subject: Re: GPL & commercial software, the critical distinction (fwd)

On Tue, Sep 29, 1998 at 08:02:29AM -0500, Jim Choate wrote:
| Forwarded message:
|
| > Date: Tue, 29 Sep 1998 08:14:50 -0400
| > From: Adam Shostack <adam@homeport.org>
| > Subject: Re: GPL & commercial software, the critical distinction (fwd)
|
| > On Mon, Sep 28, 1998 at 07:09:51PM -0500, Jim Choate wrote:
| > |
| > | The problem with your interpretation is that in a sense you want your cake and
| > | eat it too. In short you want to be able to use somebody else's code in your
| > | product without their having a say in how their code is used or receiving a
| > | cut of the profits. The GPL/LGPL is specifically designed to prevent this.
| >
| >
| > 	I'll suggest that in a security context, having one's cake and
| > eating it too may not be such a bad thing.
|
| Only if you're the author or publisher and your goal is to watch your bank
| account grow to exclusion of all else, everybody else gets screwed.

	What did I say about not paying for people's work?  I'm perfectly
happy to pay for code, and I prefer to buy open source code; it tends
to be higher quality.  I don't want to have to accept your opinion on
how I should release code along with the code.

| > If I can develop a
| > commercial product with crypto code that's been made available to the
| > community, then there is a lower chance the code will contain bogosity
| > in its security critical functions.
| >
| > The GPL (not the LGPL) specifically prevents this with the
| > best of intentions.
|
| Prevents what, releasing commercial code within a L/GPL'ed context? No, it
| doesn't. What it does do is *guarantee* that the customer has some chance of
| understanding what his code does (it's called code review and is highly
| regarded in crypto algorithm analysis circles) and makes sure the original
| L/GPL'ed holder has a stake in any commercial ventures the *source* code is
| used in.

	You're being intentionally obtuse.  I excluded the L/GPL from
my comments, and you respond to them as if I was discussing the
L/GPL.  Further, I said above that using code that's been reviewed is
better from a security perspective.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume