GPL & commercial software, the critical distinction (fwd)

Adam Shostack adam at homeport.org
Mon Sep 28 18:34:02 PDT 1998 


On Tue, Sep 29, 1998 at 08:02:29AM -0500, Jim Choate wrote:
| Forwarded message:
| 
| > Date: Tue, 29 Sep 1998 08:14:50 -0400
| > From: Adam Shostack <adam at homeport.org>
| > Subject: Re: GPL & commercial software, the critical distinction (fwd)
| 
| > On Mon, Sep 28, 1998 at 07:09:51PM -0500, Jim Choate wrote:
| > | 
| > | The problem with your interpretation is that in a sense you want your cake and
| > | eat it too. In short you want to be able to use somebody elses code in your
| > | product without their having a say in how their code is used or receiving a
| > | cut of the profits. The GPL/LGPL is specificaly designed to prevent this.
| > 
| > 
| > 	I'll suggest that in a security context, having ones cake and
| > eating it too may not be such a bad thing.
| 
| Only if you're the author or publisher and your goal is to watch your bank
| account grow to exclusion of all else, everybody else gets screwed.

What did I say about not paying for people's work?  I'm perfectly
happy to pay for code, and I prefer to buy open source code; it tends
to be higher quality.  I don't want to have to accept your opinion on
how I should release code along with the code.

| >  If I can develop a
| > commercial product with crypto code thats been made available to the
| > community, then there is a lower chance the code will contain bogosity 
| > in its security critical functions.
| > 
| > 	The GPL (not the LGPL) specifically prevents this with the
| > best of intentions.
| 
| Prevents what, releasing commercial code within a L/GPL'ed context? No, it
| doesn't. What it does do is *guarantee* that the customer has some chance of
| understanding what his code does (it's called code review and is highly
| regarded in crypto algorithm analysis circles) and makes sure the original
| L/GPL'ed holder has a stake in any commercial ventures the *source* code is
| used in.

	You're being intentionally obtuse.  I excluded the L/GPL from
my comments, and you respond to them as if I was discussing the
L/GPL.	Further, I said above that using code thats been reveiwed is
better from a security perspective.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

More information about the cypherpunks-legacy mailing list