Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)
Perry Metzger writes:
I live in both Richard Stallman's world (the Open Source community) and in the Cypherpunk crypto community.
The two have different goals. RMS is mistaken about appropriate licensing for crypto code written by cypherpunks because he thinks the goals are the same, when they are not.
The Open Source community seeks maximum spread of free software. The Cypherpunk community seeks maximum spread of the use of non-GAKed cryptography.
With respect, Perry, I think you may actually have confused *three* different agendas. RMS's advocacy of the GPL should not be taken to represent the entire open-source community, and GPL is not the only license conforming to the Open Source Definition. The open-source community as a whole shares many of RMS's goals, but much of it differs with RMS, in a way very relevant to this conversation, on the question of tactics. There's serious question as to whether the spread of open-source software is best served by a "viral" license like GPL, or by licenses like BSD's which allow the code to be used without disclosure conditions by commercial developers. The Open Source Definition embraces both kinds of license. That is very much by design. Clearly, the "non-viral" licenses such as the BSD or MIT licenses exactly serve the purposes of developers such as EAY who would like the impediments to reuse of their code to be as low as possible. Accordingly, I urge you not to encourage an artificial split between the cypherpunks and the open-source community. Your licensing argument is not with the open-source community as a whole, it is very specifically with the partisans of the GPL. I think I may safely assert that the wider open-source community regards the cypherpunks valuable as allies in the struggle for freedom and openness, and would not press you to sacrifice your objective of spreading non-GAKed cryptography in order to conform to a licensing doctrine that we, ourselves, do not unanimously agree with. -- Eric S. Raymond The following is a Python RSA implementation. According to the US Government posting these four lines makes me an international arms trafficker! Join me in civil disobedience; add these lines of code to your .sig block to help get this stupid and unconstitutional law changed. ============================================================================ from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!= '-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d while s:s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce( lambda x,y:(x<<8L)+y,map(ord,s)),e,n):chr(b>>8*i&255),range(o-1,-1,-1))) Every Communist must grasp the truth, 'Political power grows out of the barrel of a gun.' -- Mao Tse-tung, 1938, inadvertently endorsing the Second Amendment.
"Eric S. Raymond" writes:
With respect, Perry, I think you may actually have confused *three* different agendas. RMS's advocacy of the GPL should not be taken to represent the entire open-source community, and GPL is not the only license conforming to the Open Source Definition.
As a NetBSD developer, I'm quite familiar with other available licenses, and in fact BSD license most of my source code because I don't particularly mind if people use my code commercially -- I see open source as a personal choice, and *my* source will remain open regardless of whether or not others writing against my libraries keep their source open. I suppose my comments were a slight simplification of the situation, but only slight. The open source community's goals and those of the cypherpunk community, although not diametrically opposed, are not identical, and it is important to keep that in mind when discussing this matter. See below.
Accordingly, I urge you not to encourage an artificial split between the cypherpunks and the open-source community. Your licensing argument is not with the open-source community as a whole, it is very specifically with the partisans of the GPL.
Understood -- my point was more that, to an open source person, GPL and BSD licenses are both compatible with their goals, whereas to a cyhpherpunk, the GPL is not compatible with their goals (or at least, not always compatible with them.) This is because their goals are not identical to those of an open source developer (although, once again, they are not necessarily conflicting, either -- just different, which leads to some open source licenses being inappropriate). BTW, on the question of RMS's argument about whether the name "open source" is appropriate, I think Shakespeare said it better than I can. JULIET 'Tis but thy name that is my enemy; Thou art thyself, though not a Montague. What's Montague? it is nor hand, nor foot, Nor arm, nor face, nor any other part Belonging to a man. O, be some other name! What's in a name? that which we call a rose By any other name would smell as sweet; So Romeo would, were he not Romeo call'd, Retain that dear perfection which he owes Without that title. Romeo, doff thy name, And for that name which is no part of thee Take all myself. Perry
Since you've quoted Juliet, let's look at what she is really saying. Your topic is terminology and whether it matters, but Juliet has other concerns on her mind. She uses Romeo's family name as a figure of speech, a stand-in for his family. When she says his name is unimportant, she really means that his family ties should be unimportant. To make her meaning clear (once we decode the figure of speech), Juliet depends on our knowing clearly what "Montague" refers to. She depends on the meanings of words, and names, in order to make her point, even when she uses the meanings indirectly. All speech does. When you use words that have meanings, your choice of words determines what you say. Consider "pro-life" and "anti-abortion": they are used to refer to the same people, but say very different things about them. When you speak about them, your choice of terms will communicate an opinion. If you care about the abortion issue, you probably care which opinion you convey. It's the same for "open source" and "free software". They refer to the same software, but say very different things about it. So how about giving people an accurate idea of what I say? Even if you don't agree with me, you can still do that.
Richard Stallman writes:
Since you've quoted Juliet, let's look at what she is really saying.
Your topic is terminology and whether it matters, but Juliet has other concerns on her mind. She uses Romeo's family name as a figure of speech, a stand-in for his family. When she says his name is unimportant, she really means that his family ties should be unimportant.
There are many layers of meaning. There is Juliet, a fictional character, who means something, in saying what she said. There is Shakespeare, the writer, who meant something in writing the play as he did. Then there is Perry Metzger, who obviously meant something in quoting Shakespeare putting words into Juliet's mouth. As entertaining as literary deconstruction can be, what is interesting here is not what Juliet meant, but what Perry Metzger meant in quoting Juliet.
It's the same for "open source" and "free software". They refer to the same software, but say very different things about it. So how about giving people an accurate idea of what I say? Even if you don't agree with me, you can still do that.
"I don't know what you mean by `glory',", Alice said. Humpty Dumpty smiled contemptuously. "Of course you don't --- till I tell you. I meant `there's a nice knock-down argument for you!'" "But `glory' doesn't mean `a nice knock-down argument'," Alice objected. "When *I* use a word", Humpty Dumpty said, in rather a scornful tone, "it means just what I choose it to mean -- neither more nor less." "The question is", said Alice, "whether you *can* make words mean so many different things" "The question is", said Humpty Dumpty, "which is to be master -- that's all." Perry
Accordingly, I urge you not to encourage an artificial split between the cypherpunks and the open-source community. Your licensing argument is not with the open-source community as a whole, it is very specifically with the partisans of the GPL.
- Cypherpunks want to maximize distribution and use of good crypto. Access to source for any product you use is necessary, primarily so you can tell if it has backdoors, weak crypto, bad implementations, known bugs, previously unknown bugs, and similar problems that are easiest to detect when lots of people look at the source code. Secondarily, unencumbered source code is easier to include in products, whether they're public-domain, commercial, freeware, Genuinely RMS-Approved Free Software (r,tm,patpend), careware, Greedy Hoardware, or whatever, and the easier some code is to include in a product, the more likely it is to get used. In particular, if using some code requires paying money to its authors, that makes it hard to include in low-priced products and harder in free products. If using the code requires changing the user's business model, it's less likely to get used, though the Library versions of the GNU license are much easier to use than the full GNU Public Virus, and almost anything is easier to use than Patented Algorithms Only Licensable From David Chaum. These two issues fit together - secret algorithms and secret code lead to junk like MS PPTP or GSM A5 which totally collapse when examined by professionals, and even with available source, there are bugs that can hide for a long time, so the more people checking out a system, the better. Some cypherpunks produce mostly free or Free software, some sell theirs for money while hoarding what they can, some work for tax-subsidized universities where publishing work is critical. - Open Source proponents differ on the tactics they think are most effective in making it possible for anyone to use source, from PD to GNUware. [We at the People's Front For Open Source don't believe in religious wars, unlike those HERETICS over at the Open Source People's Front, who believe that the best way to get everybody to open their source is to give away good source code only to virtuous people who agree to give away _their_ source code under the same conditions, instead of giving it away untainted by even the recognition of the sin of code hoarding like we do.:-] To the extent that openness-promoting tactics interfere with use of good code, they act against cypherpunk goals, though the same can be said about license-revenue-promoting tactics and other attempts to control users. Most of us in both overlapping camps disapprove of software patents, and patents has done almost as much as the NSA to impede crypto deployment, but there are some cypherpunks who have them, and some who believe that patent and copyright _have_ had their intended benefit, which is to encourage authors and inventors by making it easier for them to make money from their work. I had one interesting discussion with RMS in which we ended up agreeing that if software patents only lasted 5 years instead of 20, they'd still be bad but we could more or less live with them, because that would reduce the extent to which they interfered with programmers using techniques, whether the programmer was using a published patented technique or had reinvented it independently and missed it when doing literature searches before publishing. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (4)
-
Bill Stewart -
Eric S. Raymond -
Perry E. Metzger -
Richard Stallman