Date: Wed, 27 Aug 2014 17:52:30 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Open Source only?

On 27/08/14 05:04 PM, Solar Designer wrote:
> Hi,
> 
> I've just rejected a posting giving the following reason:
> 
> Message lacks Subject, and the software appears to be non Open Source:
> partial(?) source code is available, but under a EULA that doesn't
> appear to meet OSI definition.
> 
> The message was CC'ed to full-disclosure, so it will probably appear
> there.
> 
> While message lacking Subject is a technicality, which the sender may
> address (and resend the message), the issue of software that comes with
> source code, but isn't under an Open Source license is one we might want
> to decide on, if we haven't already (I think we have, which is why I
> mentioned it as one of two reasons to reject that posting).  Also, it
> may at times be tricky (and unreliable and time-consuming) for list
> moderators to determine whether a license is Open Source or not, as well
> as whether the software is possibly dual-licensed.  Should we perhaps
> err on the side of approving postings whenever in doubt?

Simple: If we go with Open Source only then "is the code available under
an approved license"?

http://opensource.org/licenses

Obviously if there needs to be an exception (e.g. a closed source/poorly
licensed source interacts significantly with something Open Source it
might be worth discussing).

The other aspect of this: in my experience the majority of closed source
vendors just don't care about security. So discussing it, especially
without their input/even being aware of it is quite pointless.

> Alexander

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993