Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Aug 2014 17:52:30 -0600
From: Kurt Seifried <>
Subject: Re: Open Source only?

On 27/08/14 05:04 PM, Solar Designer wrote:
> Hi,
> I've just rejected a posting giving the following reason:
> Message lacks Subject, and the software appears to be non Open Source:
> partial(?) source code is available, but under a EULA that doesn't
> appear to meet OSI definition.
> The message was CC'ed to full-disclosure, so it will probably appear
> there.
> While message lacking Subject is a technicality, which the sender may
> address (and resend the message), the issue of software that comes with
> source code, but isn't under an Open Source license is one we might want
> to decide on, if we haven't already (I think we have, which is why I
> mentioned it as one of two reasons to reject that posting).  Also, it
> may at times be tricky (and unreliable and time-consuming) for list
> moderators to determine whether a license is Open Source or not, as well
> as whether the software is possibly dual-licensed.  Should we perhaps
> err on the side of approving postings whenever in doubt?

Simple: If we go with Open Source only then "is the code available under
an approved license"?

Obviously if there needs to be an exception (e.g. a closed source/poorly
licensed source interacts significantly with something Open Source it
might be worth discussing).

The other aspect of this: in my experience the majority of closed source
vendors just don't care about security. So discussing it, especially
without their input/even being aware of it is quite pointless.

> Alexander

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.