1998-10-07 - Re: propose: `cypherpunks license’ (Re: Wanted: Twofish source code)

Header Data

From: “Frank O’Dwyer” <fod@brd.ie>
To: rms@gnu.org
Message Hash: 8c1d4fd43e7f8d7bbee2520eeb9ec5ced495887bcf409c30d4ee478583b3cb8e
Message ID: <361BC3FB.623FEF51@brd.ie>
Reply To: <199810051105.HAA13894@germs.dyn.ml.org>
UTC Datetime: 1998-10-07 19:47:45 UTC
Raw Date: Thu, 8 Oct 1998 03:47:45 +0800

Raw message

From: "Frank O'Dwyer" <fod@brd.ie>
Date: Thu, 8 Oct 1998 03:47:45 +0800
To: rms@gnu.org
Subject: Re: propose: `cypherpunks license' (Re: Wanted: Twofish source   code)
In-Reply-To: <199810051105.HAA13894@germs.dyn.ml.org>
Message-ID: <361BC3FB.623FEF51@brd.ie>
MIME-Version: 1.0
Content-Type: text/plain

Matt Curtin wrote:
> Richard Stallman <rms@santafe.edu> writes:
> > I beg your pardon, but this is no mistake.  I'm well aware of the
> > people who argue for donating code to companies "so it will be more
> > widely used."
> This is really an interesting, and subtle, point.  The goals might
> well be different, but I suspect they're more complementary than most
> of us immediately realize.

Agreed. For example, having SSLeay (say) used in some proprietary
program or other would achieve very little in the way of "cypherpunk
goals" (unless perhaps the company voluntarily published improvements
and bug fixes for SSLeay). Having it used in Mozilla is a different
matter, however. Ultimately what is needed is not good free crypto
(which already exists, pretty much) but good free *applications* that
use crypto, with available source that can be examined for good practice
and backdoors, and that can be fixed when they are broken.  

But that's not to say that there is no point in trying to harness the
resources of proprietary software makers. One of way of looking at this
is that there is a limited number of people who know about this stuff,
and some of them work on proprietary software. Let's assume that it's
worth getting those people involved. Well, GPLing your code pretty much
ensures that they won't work on it. On the other hand, a very liberal
licence like BSD will mean that many of them won't or can't share their
results. The Mozilla licence looks to me like a good compromise in terms
of getting skilled people involved and maximising the return of
improvements. Additional licence terms like "no GAK" or whatever would
just turn some % of people off the code and would be superfluous
anyway--there's no need for the licence to demand "no GAK" if it demands
the source, and there's no point in demanding it otherwise.

Frank O'Dwyer.