Free and Open Source Software-Choices and responsibilities.

Sarad AV jtrjtrjtr2001 at yahoo.com
Thu May 4 03:34:15 PDT 2006


Hi,

Looking at the Open Source Hardening Project sponsored
by the Department of Homeland Security, it says on

http://news.com.com/Open-source+hunt+digs+up+more+flaws/2100-1002_3-6068190.html

"The bug hunt is part of a three-year "Open Source
Hardening Project," dedicated to helping make such
software as secure as possible. In January, the U.S.
Department of Homeland Security awarded $1.24 million
to Stanford University, Coverity and Symantec to find
vulnerabilities in open-source projects.

Developers have been quick to fix many bugs found as
part of the program. More than 900 flaws were repaired
in the two weeks after Coverity announced the results
of its first scan of 32 open-source projects."


But it appears that the money is spent only in hunting
down the bugs but not in fixing them. It says on

http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html

"It is regrettable that DHS has decided once more to
ensure that private enterprise profits from the
funding, while the open-source developers are left to
beg for the scraps from the table," he said. "Why does
the DHS think it is worthwhile to pay for bugs to be
found, but has made no provision to pay for them to be
fixed?"

Since Free/Open source software is widely used on
public infrastructure, which is probably why the
Department of Homeland Security is funding it (to
secure it), I am wondering about the following:

- Will an open source developer be forced to maintain
the code (with or without funds) and fix the bugs if
his code runs on public infrastructure citing reasons
such as national security? 

- Is the author responsible to fix bugs in the code
(free of cost/paid) citing he is responsible to ensure
public safety?

- What does this mean for licenses like the GPL? Will
it be rendered void?


Thank you for your time.

Sarad.






More information about the cypherpunks-legacy mailing list