Date: Wed, 3 Sep 2014 15:59:05 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Open Source only?

On Thu, 28 Aug 2014 03:04:02 +0400 Solar Designer wrote:

> I've just rejected a posting giving the following reason:
>
> Message lacks Subject, and the software appears to be non Open Source:
> partial(?) source code is available, but under a EULA that doesn't
> appear to meet OSI definition.
>
> The message was CC'ed to full-disclosure, so it will probably appear
> there.
>
> While message lacking Subject is a technicality, which the sender may
> address (and resend the message), the issue of software that comes
> with source code, but isn't under an Open Source license is one we
> might want to decide on, if we haven't already (I think we have,
> which is why I mentioned it as one of two reasons to reject that
> posting). Also, it may at times be tricky (and unreliable and
> time-consuming) for list moderators to determine whether a license is
> Open Source or not, as well as whether the software is possibly
> dual-licensed. Should we perhaps err on the side of approving
> postings whenever in doubt?

Investigating license status to decide whether some post should be
approved sounds like a very bad use of your time.

List charter already says Open Source software issues only are expected
to be posted here. If post is related to something that is obviously
closed source, it should be rejected. If it's something which has
source available, allow it in without investigating if it has OSI
approved license, or is properly licensed at all.

The above can be re-visited if there is actually a relevant number of
abuses.

Just my 2c.

--
Tomas Hoger / Red Hat Product Security