Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 3 Sep 2014 15:59:05 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Open Source only?

On Thu, 28 Aug 2014 03:04:02 +0400 Solar Designer wrote:

> I've just rejected a posting giving the following reason:
> 
> Message lacks Subject, and the software appears to be non Open Source:
> partial(?) source code is available, but under a EULA that doesn't
> appear to meet OSI definition.
> 
> The message was CC'ed to full-disclosure, so it will probably appear
> there.
> 
> While message lacking Subject is a technicality, which the sender may
> address (and resend the message), the issue of software that comes
> with source code, but isn't under an Open Source license is one we
> might want to decide on, if we haven't already (I think we have,
> which is why I mentioned it as one of two reasons to reject that
> posting).  Also, it may at times be tricky (and unreliable and
> time-consuming) for list moderators to determine whether a license is
> Open Source or not, as well as whether the software is possibly
> dual-licensed.  Should we perhaps err on the side of approving
> postings whenever in doubt?

Investigating license status to decide whether some post should be
approved sounds like a very bad use of your time.  List charter already
says Open Source software issues only are expected to be posted here.
If post is related to something that is obviously closed source, it
should be rejected.  If it's something which has source available,
allow it in without investigating if it has OSI approved license, or is
properly licensed at all.

The above can be re-visited if there is actually a relevant number of
abuses.

Just my 2c.

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.