Advocacy Prompts Reconsideration of Anti-GPL Letter

Many people have noted that there has been a reaction (see also this AP story) to the story posted a few days ago about the GPL in government. (More links: Wired, Newsforge.) This is good, I guess: Congress should consider carefully how the government licenses the code it funds, because it's an important public policy question: it shouldn't be decided by a backroom push from business lobbyists (the lead Representative listed, Adam Smith, represents a district fairly close to but not including Microsoft headquarters). There are certain things that bother me about this whole story though, and I'm going to try to trace the trajectory of it below.

As far as I can tell, it started with this Newsforge story (Newsforge is also part of OSDN, Slashdot's corporate parent). The Newsforge story was excerpted and copied by an Australian newspaper, and from there, it was off and spreading. The headline chosen, "Washington State Congressman attempts to outlaw GPL", is not particularly accurate, but it did a great job at stirring up outrage. Outlaw the GPL! Over my dead keyboard!

From there it really started making the rounds. It was repeatedly submitted to Slashdot with all sorts of flaming, incorrect commentary - in fact, after reading a dozen different submissions, I didn't think any of them were even close to accurate. I picked one and posted it, trying to do my best to a) provide an accurate headline and b) provide an accurate summary of the issue at stake in a few sentences. To recap again: when the Federal government creates computer code (or any copyrightable work) directly, it gets no copyright whatsoever and the work is true public domain (quirk of the U.S. copyright laws - the 50 states, corporations, individuals, and other legal entities all get copyrights automatically, but the Federal government does not). If you want to copy, reproduce, or sell an .mp3 of the U.S. Congress singing "God Bless America" after September 11, go right ahead: there is no copyright on it whatsoever. (Actually, the song itself is still under copyright, but Congress' performance of it wouldn't be...)

However, when the Federal government hires a non-employee to create code or copyrighted works, there is no clear rule regarding the copyright status of the work. Sometimes the contract calls for rights to the work to be assigned to the Federal government (the Feds don't get original copyrights, but if someone else gets an original copyright, the Feds can acquire it). Sometimes the contractor keeps the copyright and gets to do whatever they want with it. Sometimes the contract doesn't specify. Note that this is NOT a BSD-vs.-GPL dispute, not by a long shot. Very little code financed by the Federal government is ever licensed under either of these two licenses - the choice is basically agency-proprietary (the Federal agency asked for the rights in the contract, and kept them) or company-proprietary (the agency didn't ask for the rights, and the contractor kept them).

And most of the time it doesn't matter. I've written code for the Federal government as both a contractor and an employee, and 99% of it was so specific and customized that it would be of use to no one else, regardless of its licensing or copyright status. Probably the majority of code written for the Federal government falls into that category - internal use software for very specific needs.

But some of it is undoubtedly useful. Some major projects funded by the government in conjunction with academia have escaped from licensing purgatory, typically through the efforts of the researchers working on them who approach the issue from an academic freedom viewpoint and want to see their work widely adopted. GRASS is one major one that I know of. A commenter pointed out ADA as an example. For code which is useful to others, either a BSD-like or GPL-like license would be truly beneficial and easily defensible as a public policy choice. In the non-code world, the government makes choices like that all the time - it might choose to purchase a particular piece of land and commit to making it available to everyone forever by declaring it a National Park and committing to maintain it, a GPL-like philosophy; alternately, it might choose to just dump a particular piece of property on the market, putting it up for auction and letting the purchaser do what he wills with it, a BSD-like philosophy.[1] Either of these two options might be optimal; but paying for code which ends up remaining proprietary is like buying a new stadium to benefit a very specific corporation which owns a very specific sports team: the type of use of public funds which is generally seen as sleazy and the opposite of good governance.

Either of the first two choices can be appropriate in certain situations. What does not seem appropriate is paying for proprietary code, although this is generally what happens when the government contracts for code. Since the government has the ability to provide a benefit to the public (open code) at essentially zero cost, it should do so. An example which has struck me several times over the past few years: every airport in the world has the same problem, coordinating planes taking off and landing and keeping them from running into each other. Yet each nation (and often each airport) solves the problem over and over, paying heavily for custom-designed, one-shot software development. Imagine if the world's airports could simply install GNU-AirTrafficControl 2.7, and have a complete, working, bug-free and cost-free air traffic control system. It would cost every nation less to do it this way, but it would also make a lot less money for the consultants retained to develop these systems.

But leave off the advocacy for moment - I was following the story itself. As noted above, the outcry has prompted many of the other Representatives who originally signed the letter to reconsider. The AP story even suggests that some of the signatories were actively misled - that the letter they thought they were signing didn't mention the GPL at all. However it actually played out, some good has been done.

That's good. What's not so good is that much of the outcry was probably generated by stories titled "Washington State Congressman attempts to outlaw GPL". The right outcome occurred, but for the wrong reasons and in the wrong manner. I am left wondering whether the community would have made the same sort of response on this issue if every story that had been posted about it was 100% accurate and non-inflammatory.

[1] If you're not familiar with the BSD-like and GPL-like classes of software licenses, this won't make a lot of sense to you, so please read up if necessary.

hmmm

[Masami+Eiri]

This is a weird subject, really. GPL is good, but when you really think about it, source code for government software isn't really something that should fall into the wrong hands...

Re:hmmm

[ryepup]

If the code is good, it doesn't matter whose hands it falls into. Odds are that if it falls into bad hands that find an exploit, it will also fall into good hands that find that same exploit, and alert the developers.

Re:hmmm

[Emmettfish]

This is a weird subject, really. GPL is good, but when you really think about it, source code for government software isn't really something that should fall into the wrong hands...

Software doesn't kill people, people kill people.

Okay, maybe that's too glib, but the song remains the same. Anything that would be considered a serious security threat would be classified as such; The mechanisms to do this with governmental data already exist.

I would hate for something as artistic as software to fall into an anti-terrorist mantra, because there's a forest-for-the-trees problem. Sometimes a cigar is just a cigar, and sometimes an MTA application is just an MTA application, even though it could be used to deliver mail with contents that aren't in the best interests of the commonwealth.

The problem with the 'wrong hands' argument is that we need to trust whomever is entrusted with the definition of 'wrong hands.' If that is a large, bureaucratic judicial system, it's probably inefficient, if it's an efficient corporation, the chances of ever seeing the code is nearly non-existent. :)

Emmett Plant
CEO, Xiph.org Foundation

Re:hmmm

[lpontiac]

GPL is good, but when you really think about it, source code for government software isn't really something that should fall into the wrong hands

This is a non-issue, surely. Not letting dangerous government information (ie classified information) into the public's hands is covered by secrecy laws that have nothing to do with copyright law, which exists to secure the "rights" (whether you believe them too many, too few, or just right) of IP holders.

If you come across a classified military report, you can't spread it around, regardless of what licence it is under. I'm pretty sure it would be completely uncopyrighted, if it was produced by the government - once they become unclassified, you can copy them as much as you like.

BSD Should Be Used

[BurritoWarrior]

...because the BSD license is essentially no license at all. So, when the government releases the SuperFoomatic 1.0, anyone can do with it as they please.

If we want a GPL'ed SuperFoomatic, we just take that code and release it under the GPL license. No point in having it release originally under the GPL as the released code can be GPL'ed "retroactively".

The only addiition I can think of is that perhaps it should be dual licensed, so that corporations have to pay for its use, with those monies paying for additional governmental software research.

Re:BSD Should Be Used

[MikeFM]

I'd suggest a dual license. First under the GPL with the second license BSD-style for American based companies and for a fee for foreign companies. This way anyone that would return the code to the community could use it freely either way and anyone hiring American workers would be free to make a profit off of it. Of course there would always be the countries that'd let their companies use our source code free anyway but leave that up to those nasty people that keep harping on the greatness of worldwide 200 year copyrights. :)

Re:BSD Should Be Used

[byran+lei]

>I'd suggest a dual license. First under the GPL with the second
>license BSD-style for American based companies and for a fee for
>foreign companies.
>
Wrong. It should be a fee charged to both American based and foreign companies companies
We don't need a repeat of the way Netscape and other companies got started.

Re:BSD Should Be Used

[MikeFM]

You could modify the basic BSD license to apply only to certain persons and corporations including the right to transfer the license only to others that also qualify.

Re:BSD Should Be Used

[r5t8i6y3]

>It's not just your own code, corporations pay a lot of taxes as well


the problem is:

people pay most of the taxes

and

corporations give most of the campaign contributions


what a fair system.

Re:BSD Should Be Used

[Greebz]

An irrelevency.

Firstly, Kerberos wasn't BSDL'd. Pedantry, I admit, but accurate.

Secondly, IIRC, Microsoft didn't actually use the free code - which would take a lot of work to get talking to Windows - but rewrote it from scratch anyway. A common mis-conception.

Regardless of that, that's what they'd do if they couldn't take the original code-base. So you're still no better off if someone's determined to create a broken version.

The GPL can not and does not prevent this.

Licenses cannot enforce standards. Microsoft can create broken protocols no matter what. That's the advantage of being an 800lb gorilla in the marketplace.

The GPL would hinder this. Proprietary products would need ground-up rewrites that may not be completely compatible.

What the BSDL does is promote quality implementations for those who *WANT* to play by the rules and use existing standards. It ensures they get a version that is fully inter-operatble with the existing versions.

Going back to Kerberos, the users still have a choice -- use the M$ "extended" version, or stick with something that follows the original standard.

See, freedom of choice.

GPL is anticompetitive in this case

[mesocyclone]

Forcing the government to release code under GPL is *removing* competition from the market. Public domain is much better. The code can be taken up by private companies and they can improve and sell it. And nothing I am aware of keeps that same code for forming the basis of a GPL and/or BSD project.

So turn the code loose with no strings at all, and let the best licensing system win!

Re:GPL is anticompetitive in this case

[bwt]

Forcing the government to release code under GPL is *removing* competition from the market. Public domain is much better.

Perhaps it does stifle some competition, but only competition that may be destructive to the purposes the government created the software in the first place. The big functional difference between the GPL and BSD or public domain is that the GPL is robust to "embrace, extend, and extinguish".

If the public finances the creation of software, it seems grossly unfair to allow proprietary extensions to that software that break compatibility. The GPL offers a quid-pro-quo that seems clearly in the public interest. It says: we the people created this IP -- you can use it, modify it, distribute it, etc... but any IP that you create that piggy-backs off of this work must be accessable by the public. The payment for using the GPL code is not monetary, it is IP. This way, the public gets not just the IP they funded, but a continuing return on their investment in the form of IP extensions to the original code.

Contrast this with the BSD or public domain licences. Let's say the public creates an email app by hiring a contractor. That app has a nice open mailbox format. A private entity could take the app, convert the mailbox format to a proprietary format and actually compete against the original app by leveraging the things it does well. That is wrong. Yet it is exactly the model that pervades many software companies.

Re:GPL is anticompetitive in this case

[abe+ferlman]

You are wrong. The GPL ensures that everyone competes fairly by removing the ability of actors in the marketplace from gaining monopolies on proprietary extensions to the software.

The GPL does nothing but prevent vendor lockin. It removes bad (read: abusing the idea ownership system) competition and allows good (service, support, distribution, update speed) competition among vendors, as evidenced by the strong competition evident among linux companies today.

Far from removing competition, the GPL removes lockin barriers that prevent entrance in to the market in the firstplace.

Or have you forgotten that "intellectual property" is a government-granted monopoly, which is the diametrical opposite of competition?

Re:GPL is anticompetitive in this case

[mesocyclone]

Fine, then let GPL compete against those vendors!

Public domain *does not prohibit GPL*!

As far as the government granted monopoly, it is also called for in the US constitution, and exists for a specific purpose. The fact that it is often abused does not mean it is wrong. FURTHERMORE, public domain does not create such a monopoly. It only allows someone to sell software that they have created or modified that way. It DOES NOT prohibit anyone else from taking the same fruits of the public work and using it for free or modifying it and release it for free or even with a restrictive license like GPL.

Those who imagine that GPL == freedom don't understand freedom.

You are confusing the means and the ends. The means I propose are freer than the means you propose. The ends may or may not be better, but I would argue that in most cases the results will be. In any case, the principle of freedom in this case trumps the principle of socially engineered results like the GPL attempts to achieve.

Re:GPL is anticompetitive in this case

[abe+ferlman]

The GPL has an uphill battle competing against government-granted monopolies, as one might expect. It's not a fair playing field, which is why the GPL is necessary in the first place. If there were no government sponsored monopolies on ideas, the GPL would be rather pointless except in the ways in which it is not different from the BSD license, i.e., disclaimer of warranty.

Your commentary on freedom is oversimplified. BSD style licenses guarantee the freedom to take away freedoms, the GPL does not- that is the only meaningful difference between them.

That means if ten people use the BSD license, the first one to act can lop off a branch of inquiry that extends from the original BSD work by taking an extension proprietary, leaving 9 people with a diminished set of possible extensions to make. In other words, BSD license guarantees one person's right to take away the freedoms of the other nine.

In a GPL world, the first person is constrained against proprietary extensions, so she may use and extend the software, but may not restrict the 9 others from using it.

So in our hypothetical 10-person society, the BSD license preserves the right of one person to limit the freedoms of the other 9, the GPL prevents one person from acting maliciously to preserve that freedom for the other nine.

Since these two sets of freedoms are mutually exclusive and we must choose, it's clear that the GPL society has more *net* freedom since actors are constrained only against acting in ways that constrain the others, and free to act in any other way they like.

Big, Sticky Issue

[sleeperservice]

Imagine if the world's airports could simply install GNU-AirTrafficControl 2.7, and have a complete, working, bug-free and cost-free air traffic control system.

True, but... I assume in this model anyone, anywhere could see the source codebase... with any of its bugs and exploits.... Do we want this for these kinds of software implementations (of which there are many done by/for the U.S. government)?

From what I can tell from the various sources (some good, some bad), the crux of the argument here is to avoid Smith et. al., making GPL or BSD licenses for government-produced/contracted code illegal. And that's only right. However, as far as I'm concerned, this simply starts the sticky discussion on what kinds of licenses/protection should be applied to what kind of projects. That's likely to be a lot more work.

...and we know what Congress feels about doing a lot of work....

Anyway, one can only hope that this news gets replayed as "X tries to restrict freedom", and these guys don't get re-elected.

Naive?

[FyRE666]

...because it's an important public policy question: it shouldn't be decided by a backroom push from business lobbyists...

Where the hell have you been for the past 50 years?! This is how all policy is decided by governments. Pretty simple equasion:

BribeH^H^H^H^H^Corporate funding + politician = new policy.

Interesting notes

[dh003i]

Here's some interesting things I noted:

Microsoft, whose Windows operating system competes with Linux, says open-source hurts a company's right to protect its intellectual property.

What hogwash. News sites shouldn't even post such outright lies. Whether or not I GPL a program I write, MS still has the same "rights" t o their proprietary software as they did before. My GPLing a program has absolutely no effect on MS or any other company "protecting their intellectual property". If you write something on top of (addition/modification of) GPL'ed source, then you have to license it under the GPL. This is fair play; communities have rules, even free communities (having some restrictions does not necessarily mean that something isn't free; indeed, we need restrictions to protect freedom, as there is no freedom in an anarchy). The basic rule of the FS community is that if you modify GPL'ed code or add onto GPL'ed code, then you have to give back to the community by licensing that modification under the GPL. Quid-pro-quo, and perfectly fair. It's like saying "I'll help you if you help me". Every business that modifies/adds-to GPL'ed code knows damn well that it's GPL'ed, and what the consequences of that are. They can stop their pathetic whining. If you don't want to license your software under the GPL, don't base it around GPL'ed code; if its only "one line" of GPL'ed code in your program, then it shouldn't be that hard to replace it.

Microsoft is Smith's top source of donations. According to the Center for Responsive Politics, Microsoft employees and its political action committee have given $22,900 to Smith's re-election campaign.

In other words, as we all know, Smith is bought and paid for and owned by MS, as are most politicians owned by big intellectual property interests (i.e., the RIAA, MPAA, BSA, and pharmaceuticals).

D-Texas

What, a democrat in Texas? I thought that was an extinct species.

Re:Interesting notes

[Carnage4Life]

What hogwash. News sites shouldn't even post such outright lies. Whether or not I GPL a program I write, MS still has the same "rights" to their proprietary software as they did before. My GPLing a program has absolutely no effect on MS or any other company "protecting their intellectual property".

You should put things in context instead of rushing to flame (although rushing to flame is a great way to get +4 or +5 posts on Slashdot). In this specific case the question is whether the government GPLing a piece of software discriminates against proprietary software vendors who want to protect their intellectual property (i.e. their changes) yet want to use the code created by the tax dollars of the corporation and its employees.

As many have pointed out, the GPL is a discriminatory licence in this situation while the BSDL is not. The BSDL isn't much more than putting it in public domain except for the requirement to retain copyright notices. With a putting software in the public domain or licensing it under the GPL then both Open Source and Proprietary software developers can benefit from the software.

Re:Interesting notes

[UVABlows]

Microsoft, whose Windows operating system competes with Linux, says open-source hurts a company's right to protect its intellectual property.

What hogwash

No, it is 100% accurate. The reporter is simply reporting what microsoft is claiming. The claims themselves might be completely off, but the story isn't reporting on their validity, just their existence. Microsoft IS claiming this, so this part of the story is 0% hogwash.

Re:Interesting notes

[schlach]

From the Wired article:

Red Hat general counsel Mark Webbink speculated that some members of Congress may have signed the anti-GPL note without fully realizing what they were doing. "I think they were probably hastened into something that most of them would now recognize as not being that well advised," he said.

How often do we hear this explanation for some dumb move by politicians? Is it fair to expect them to even read letters or legislation before endorsing them? How many have claimed surprise at what they found out was in the DMCA, or the Patriot Act? Will they do it now with Smith's letter? I don't think I'm as forgiving as Mr. Webbink...

In other words, as we all know, Smith is bought and paid for and owned by MS

For $22,900? They got him cheap. Talk about a depressed economy - even the government boys are feeling the pinch. ; )

Christ at those rates I could afford my own Congressman... I hear it's the best investment you can make. Maybe I can send him back to Washington pushing the schlach agenda. Wow, my own pet Congressman... I'd play with him and feed him everyday... =p

Re:Interesting notes

[drinkypoo]

Let's say that a great program is release, call it Program. Now, if the developer releases Program under the BSD-license, it is possible for a corporation to come along and snatch his source code, make some improvements, additions, and/or modifications, and then release those changes under a EULA. The new program, call it Modified Program, supplants the original Program, and becomes ubiquitous in use (that is, everyone uses it). Now freedom has disappeared. Under the GPL license, that simply can't happen.

There are sufficient license zealots and poor people who can't afford software for this scenario to never fully play out. Also Microsoft Office exists and does a whole lot of things but that doesn't stop the development of OpenOffice.

Nothing in the GPL prevents you from making money.

Never said it did.

You also seem to completely ignore widely accepted standards of free software, all of which the GPL readily meets

I read this as "I will now ignore your point about the restrictions added by the GPL by posting a bunch of URLs which will take you to documents by other people who will also ignore your point."

The GPL meets all of these definitions, thus is Free Software.

I never said it wasn't widely considered to be free software; I said that BSD is more free than GPL. On one hand all BSD guarantees is that you can get THIS version of the software for nothing and do whatever you want with it, so you could perhaps craft an argument that it was less free because of its lack of guarantees. On the other hand, GPL requires you to take certain actions if you take other actions, namely releasing the source which you wrote if you want to give other people the benefit of your changes, but charge them for it. BSD does not place this requirement which, it could be argued (and I am,) devalues your work.

GPL is perfect for dual licensing

GPL does make things difficult for commercial exploitation, especially for software companies which care more about tying you to them with a product rather than their service ... so a GPL license for everyone, and a commercial for fee license for companies works well (you see it used often).

Advances science and business in equal measure, and lets the government recoup some of the costs.

Totally unfair analogy!!

[Brian_Ellenberger]

The GPL=National Park, BSD="dump on market" is a completely unfair analogy. If you make land into a National Park, everyone has a right to use them. If you sell the land, only the landowner gets to use it.

However, that is not the case with GPL vs. BSD. I can freely use and modify any code under the GPL or the BSD. It's not like some company can just take over BSD code and never let me use it. They are both free.

The difference is that with GPL if I write a commercial application and 99% of the code is mine and 1% is GPL I am forced to give out my 99% of code. With BSD I don't.

Now this is fair if it is just some Joe Programmer on his own time who wrote the 1% of GPL code. He can let people use (or not use) it as he feels. It is *NOT* fair if that Joe Programmer is being paid to write that code with MY tax dollars! That code should be freely given to the taxpayers to do with it whatever they want, including using it in their closed-source programs and selling it.

It is not "corporate welfare" because it benefits everyone equally! Corporations can use it, individual taxpayers can use it, universities can use it, etc. Corporate welfare is if they give something to corporations that only corporations will benefit from.

Brian Ellenberger

Re:Totally unfair analogy!!

[Arandir]

However, that is not the case with GPL vs. BSD. I can freely use and modify any code under the GPL or the BSD. It's not like some company can just take over BSD code and never let me use it. They are both free.

I have a better analogy to counter to bad analogy:

Since software can be infinitely copied and distributed with no loss, think of it as an infinite stretch of arable land. Proprietary guys come along and fence off a section with a sign saying "keep out". GPL guys come along and fence off a section saying "free for everyone". BSD guys come along and notice that fences are utterly irrelevant...

Re:Totally unfair analogy!!

[Paul+Komarek]

I think you are overstating the "derivative works" protection. Clean-room implementations are important for Compaq when reverse-engineering the IBM BIOS, but that seems to be a very special situation. In that case, there's only one IBM BIOS and no general body of knowledge. Furthermore, IBM has legions of lawyers and both parties have strong commercial interests.

However, if I read the GNU regex code, study the relevant automata literature, and then write my own regex parser, I do not believe my work would be considered derivative so long as I don't effectively cut-n-paste the GNU code. In this case I'm writing code from scratch using other sources as reference.

I would very much like to know which copyright cases provided precedence for this issue. Otherwise, I think the definition of "derivative" is probably up to the Librarian of Congress or similar.

Perhaps your complaint is about my use of the word "rewrite". By "rewrite" I mean write again, not fiddle with variable names and hope nobody notices.

-Paul Komarek

gpl like encryption

[dollargonzo]

see, the gpl license is very much like modern encryption alogrithms. prior to the days of RSA, ala world wars, encryption and security was based around the fact that people can hide secure algorithms well enough to keep things secret. in other words, if anyone found out the algorithm, the encryption scheme became utterly pointless.

relatively recently, encryption has undergone a complete turn-around in ideology. now, most every cryptologist believes that the algorithm should not only be simple but also VERY OPEN. the more eyes that look at it, the more errors can be spotted, and as time has told, today's crypto systems, for example RSA, are much more secure than the enigma. everyone and their dog knows how it works, and still no one can break it.

the same thing goes for software. the whole "falls into the wrong hands" argument works exactly the same as crypto-systems. if a crypto-system falls into the wrong hands (as someone else noted), it will also fall into the right hands, and errors will be fixed.

licensing government software under the gpl opens it up, and in the long run reduces the error rate and effectively, it's security, etc. people still think that if they hide the source to the software, it will be more secure. PLEASE look at what happened to cryptology in recent times and act accordingly.

Re:gpl like encryption

[drinkypoo]

Well yes, a cryptosystem being open or closed does not change how well it functions. You can know everything about how a one time pad functions, for example, and as long as there is sufficient randomness in the key generation knowing it all won't help you. If you know how the key is generated, and it's not random enough, then THAT can be a weakness. But you cannot assume that someone may not learn what you're up to, so the weakness isn't having the process be open, it's the process.

Having a cryptosystem which depends on obscurity is nothing more than a fancy puzzle box. Enough monkeying around by someone who knows what to look for will open the box, because various operations always leave telltale signs, and there happens to be a vast number of shortcuts out there which is why repeatedly encrypting something with the same cryptosystem, even using different keys, can result in no more security than a single pass.

On the other hand, hiding the source to the software DOES make it more secure. It does not make it secure but it does make it more secure. Consider the case of someone wanting to reprogram a missile, something I know dick about but about which I can craft a fairly plausible scenario due to what (little) I know about programming. Let's say the basic control software is running on a hardened 80186 CPU. You would like to replace this software with your own ingredients and send the missile to a different target.

Now, you can either download and disassemble the software when you get there and muck around in x86 assembler trying to figure out what they're doing, and why, and how to make it do what you want, or you can have the source ahead of time and have the code ready to install when you get there.

Not to mention the fucking comments. Have you ever disassembled some software and taken a look at it? Figuring out what it does can be as confusing as being a snake in a hose factory. You might have just a hundred lines of code with no calls and still spend hours trying to decide what it's really accomplishing, especially if the programmer is clued. With decent comments, you'll be able to tell at a glance.

This comment should not be taken as indicating that security through obscurity is effective, only that it is more effective than no security. Hence, saying that obscurity doesn't help is incorrect.

Analogy with data from NSF funded projects

[Charles+Dodgeson]

I haven't found a statement of the rules, but many academic projects funded by the National Science Foundation require that the data collected (or non-confidential bits of it) be made available to the academic community at large. I think that that is a correct policy of the NSF and that the analogy holds for much of software development

BSD vs. GPL vs. Public Domain

[Mahrin+Skel]

For this purpose, there is a significant difference between the BSD and GPL, but not much of one between BSD and Public Domain.

If you release it under the GPL, all derived code must itself be released under the GPL. Like it or not, this *does* interfere with commercialization of the software, nobody is going to spend millions of dollars writing code they'll have to give away, under most circumstances.

On the other hand, BSD or Public domain carries no such strings. Someone can pick up the BSD or PD code, alter and adapt it, and make the result proprietary, *and* someone else can take the same original PD/BSD code, alter and adapt it, and release it under the GPL or a similar required open-source liscense. The best of all possible worlds, if making something government-generated generally useful requires a lot of up-front investment, in ways that don't appeal to OSS communities, someone can take that opportunity and make an investment with reasonable hope of return. And if something of benefit can be derived in ways that "scratch an itch", the result can be released or recreated under the GPL and kept available.

The problem is that some systems should never be made public. I don't want the command computer source code for the ICBM system running around loose, "many eyes" security methods are a bad thing when intrusion impacts are measured in megatons. So, like it or not, some code will have to remain forever closed.

--Dave

Re:BSD vs. GPL vs. Public Domain

[abe+ferlman]

If you release it under the GPL, all derived code must itself be released under the GPL. Like it or not, this *does* interfere with commercialization of the software, nobody is going to spend millions of dollars writing code they'll have to give away, under most circumstances.

You are performing one of the great fallacies of free software discussions, and these issues are subtle so I can see how you'd confuse the following:

this *does* interfere with commercialization of the software

this *does* interfere with making the software proprietary

The distinction is very important. You can commercialize GPL'd software, it's right there in the license. You can not make proprietary extensions to that software.

It's like bottled water. You can get water for free from public drinking fountains everywhere, the chemical code for it is known by elementary school children, but people still buy the stuff in very profitable bottles. I think there are two lessons here:

1. never underestimate the power of marketing, even (especially?) in absurdly commodified markets
2. the public availability does not make something commercially unfriendly, it just changes the terms under which vendors must operate to be more consumer-friendly.

Vendor lockin is very, very bad for business. Many projects have been killed or not started out of the fear that Microsoft will include similar functionality in a later release of their operating system that replaces or possibly outright breaks their implementation. In a level playing field (a gpl-frienly environment) Microsoft would be foolish to extinguish rather than interoperate with other vendors. Bottom line: GPL allows non-lockin commercialization, true capitalist-style competition instead of government-sponsored monopolies.

Re:BSD vs. GPL vs. Public Domain

[Todd+Knarr]

Only one problem with your GPL analysis. First off, if it's only their property, there's no GPL issue. If they wrote all the code, they can release it under any license they like. And if they included GPL'd code, it isn't their property. In that case, why should their desire to commercialize the code give them the right to ignore the license the owner of the GPL'd code put on it? In short, what gives them the right to use someone else's property any way they like regardless of the license terms on it?

Re:BSD vs. GPL vs. Public Domain

[cpt+kangarooski]

Well, the fact that that code is not released publically is TOTALLY seperate from whether or not it is public domain.

If a CIA spy sends a secret message to Langley, that message is in the public domain. The prohibition on its dissemination arises not out of copyright, but out of a need for national security in a First Amendment context.

No one is arguing against that, although I hope that eventually this stuff will get declassified when it's no longer important to keep it a secret.

Wow, a good /. editor

[loosifer]

Someone who actually understands the issue at hand, in context, even, and is able to give a relatively straightforward and largely unbiased review of what has occurred and why you should care. Crazy!

And for the record, if there were a GNU-AirTraffic piece of software, it would take about 10 years to get to anything resembling 2.7; it would probably spend most of that ten years at version 0.9.x or whatever. What is up with OS projects being totally unwilling to actually go up in versions? Sheesh.

Re:Wow, a good /. editor

[drinkypoo]

What is up with OS projects being totally unwilling to actually go up in versions? Sheesh.

You have major.minor.small.tiny or something similar. The way it USED to work was major 0 was for prerelease and then major 1 was your release. You then only incremented your major number for a complete start-from-scratch return-to-formula rewrite. Increments in minor were for added features, small was for modified features or bug fixes, and tiny (which didn't come along until much later) was for minor bug fixes (forgot to twiddle a bit or something.)

Now the major is a marketing number, the minor is for minor changes, small is for patches, and tiny seems to track how many files have been edited, or how many bites the packager took to eat a candy bar, or some kind of checksum. Take your pick.

Internet Explorer has no reason to be on version six, for example. I don't even remember ever seeing version 1, but it must have existed. I doubt it's EVER been completely rewritten but it seems to have changed considerably between 2 and 3, and between 3 and 5 (But not 4) and not much between 5 and 6. Assuming it changed a lot between 1 and 2 it could justifiably be on version 3 now.

Most people want their software to actually work reliably and not crash before they make it 1.0. This explains why versions increment so slowly. If you take a look at the versions applied to most linux distributions, they're artificially inflated as well... especially redhat. There's not enough difference between 7.x and 8.x to justify incrementing the minor but they overhauled the look and smell so they had to bump it up or no one would notice it had changed and go buy it at Fry's again.

Re:GNU Is Like a Disease

[swv3752]

So you agree that what MS did with kerberos is OK? I know this is a troll, but what BS.

Let me give an example, say the government funds an email server. I create a plugin that expands on the functionality of the email server and create a small business around this consulting other companies on its use.

You are a large company that markets the email server. If we use the GPL, you can not close me out with proprietary extensions. Same thing would work in reverse, but you would not care that much. If it was a BSD or Public Domain, you could make proprietary extensions that would disallow my plugin from working. What makes you more important than me? Both of our tax money went to this hypothetical project.

By your reasoning it would be ok to leave trash or campfires burning. The parks are GPLed. We don't let companies come in and strip mine Yellow Stone. If we were to use your analogy, we would let loggers cut down the Redwood forest.

The GPL says share and share alike. you want to keep something to yourself, then do all the work yourself. No way are you takeing what is mine. By definition, anything of the Government is partially mine.

Re:Define "very little"

[JordanH]

• Actually I don't think GPL is a good choice for releasing software in scientific community, but I will admit there isn't a much better choice.

What is bad about the GPL for releasing software in the scientific community?

• I wish there was a way to add to GPL something like "if you make improvements to this software and publish the results of those, you must also publish the improved version of the software'.

I'd like to understand your problem. Is it that people are not required to provide changes unless they provide binaries? Interesting. So, would you say that the GPL is not restrictive enough for scientific researchers?

If this is your problem, I think you'd find a more restrictive license difficult to draft. You'd have to carefully define 'research' and 'publish' for purposes of such a license.

The GPL removes much of the motivation for keeping source changes secret, but not the one where people want to keep their changes a secret for purposes of academic competition. I would think that this motivation would be counter-balanced by the desire of researchers to have their results duplicated. This would require that the mechanisms of their research be made public, which I think would include their source code.

• It should be noted though in scientific community a license is not really necessary, asking politely is more than enough in almost all cases.

One case where researchers are likely to keep their methods secret is their hope to commercialize some aspect of the research. The GPL addresses this well, I would think.

Not quite

[nsayer]

someone else can take the same original PD/BSD code, alter and adapt it, and release it under the GPL or a similar required open-source liscense.

In the case of GPLing a BSD licensed piece of code, it would have to be a modified version of the GPL to take into account the original requirements of the BSD license - that attribution must be given in the documentation and that the BSD copyright notices must not be removed from the source. The BSD license allows you to add restrictions, but you may not remove the ones that were there.

So far as I know, more lawsuits have been filed in defense of the BSD license than the GPL so far. :-)

GPLed Software that already exists

[dachshund]

The case that nobody's mentioning is a situation where the software already exists and is licensed under the GPL.

I don't feel that the government should GPL all its code on principle. But should the government be forbidden to make modifications to a mature GPL software project if that software fills the requirements of some particular project? Imagine that the government wants to use Linux for a particular application, because they feel it's the best tool for the job-- should they be forbidden from adapting it to suit their particular needs (as companies like Tivo have), or even releasing bug-fixes?

It strikes me that in many cases the public and the government can both benefit from this sort of transaction. It's certainly far more efficient than the typical "pay a contractor to develop something and then let them retain the copyright" scenario.

Same logic applies to corps.

[MichaelPenne]

though.

Say IBM gets a 100million $ contract to write a killler database for .gov, then gets to turn around and sell that db commercially.

So Oracle (& MySQL AB) gets to help pay for code for a competitor?

Seems more fair & logical to release all publically funded code under an open license so that all the folks who have supported the writing of the code can use it.

Re:Define "very little", OK, that's easy.

[JordanH]

• Now consider all the Navy's work from design to implementiation. Now consider that the Navy is just one branch of the enormous US Military, which literally supports whole cities of people on land and at sea. Now consider that the Navy is just one branch of the enormous US Military, which literally supports whole cities of people on land and at sea. Then consider that the US Military only accounts for one fourth of the US Federal Budget and realize how much software goes to the federal government each year that you will never see, but will pay for again and again.

• Very little can be thought of as vast but visible next to the incomprehsibly large.

I suppose it is very little compared to the total amount of software written for the Military.

I was, however, excluding from consideration all software that would not normally be licensed or otherwise released, like software that is not released to entities outside of the US Military or software that could contain State Secrets, etc.

The Yorktown's propulsion system software would only be released to those who had Yorktown class ships. Inspection of said software could aid people in sabotage of Yorktown class ships or might contain operational details that would be of benefit to someone engaging a Yorktown class ship in battle.

I think you're talking about software here that was never intended for any kind of release.

I suppose there are probably some software tools and business software programs, like in the areas of logistics, task management and office tools that the Military might develop that could get widespread release, but I can't imagine that this would be a terribly large body of software.