On Tue, Sep 29, 1998 at 08:02:29AM -0500, Jim Choate wrote: | Forwarded message: | | > Date: Tue, 29 Sep 1998 08:14:50 -0400 | > From: Adam Shostack <adam@homeport.org> | > Subject: Re: GPL & commercial software, the critical distinction (fwd) | | > On Mon, Sep 28, 1998 at 07:09:51PM -0500, Jim Choate wrote: | > | | > | The problem with your interpretation is that in a sense you want your cake and | > | eat it too. In short you want to be able to use somebody elses code in your | > | product without their having a say in how their code is used or receiving a | > | cut of the profits. The GPL/LGPL is specificaly designed to prevent this. | > | > | > I'll suggest that in a security context, having ones cake and | > eating it too may not be such a bad thing. | | Only if you're the author or publisher and your goal is to watch your bank | account grow to exclusion of all else, everybody else gets screwed. What did I say about not paying for people's work? I'm perfectly happy to pay for code, and I prefer to buy open source code; it tends to be higher quality. I don't want to have to accept your opinion on how I should release code along with the code. | > If I can develop a | > commercial product with crypto code thats been made available to the | > community, then there is a lower chance the code will contain bogosity | > in its security critical functions. | > | > The GPL (not the LGPL) specifically prevents this with the | > best of intentions. | | Prevents what, releasing commercial code within a L/GPL'ed context? No, it | doesn't. What it does do is *guarantee* that the customer has some chance of | understanding what his code does (it's called code review and is highly | regarded in crypto algorithm analysis circles) and makes sure the original | L/GPL'ed holder has a stake in any commercial ventures the *source* code is | used in. You're being intentionally obtuse. I excluded the L/GPL from my comments, and you respond to them as if I was discussing the L/GPL. Further, I said above that using code thats been reveiwed is better from a security perspective. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume