DJB Releases All Source to Public Domain

A Sage Developer writes "During a recent conference, Sage Days 6, Dan Bernstein (who has recently come under attack for his licensing policy) was among the invited speakers. During a panel discussion on the future of open source mathematics software, Bernstein declared that all of his past and future code would be released to the public domain. This includes qmail, primegen, and a number of other projects. Given the headache that incompatibility between GPLv3 and GPLv2 is causing developers, will we see more of this?"

In a word...

[s4m7]

Given the headache that incompatibility between GPLv3 and GPLv2 is causing developers, will we see more of this?

No.

Not in a manner disproportionate to what we've seen in the past anyway. Some people will keep gpl2 as their license, others will go gpl3, bsd, or one of any of the OSI licenses for the most part, because people like attribution, they like retaining (some) control of their work.

Re:In a word...

[BiggerIsBetter]

I agree. Public Domain licensing seems to be the worst of all worlds to me.

Re:In a word...

[KevMar]

I like the sound of public domain. Its simple with out any complicated rules.

I saw Open Source as a free exchange of ideas and code that let you do what ever you wanted with it. Public Domain fits that better than a lot of others.

All the Gotchas and legal overhead built into some of them are just overhead that make the whole process fustrating.

At the same time, Open Source is becomming more of a buzz word than anything else. I hear even Microsoft does Open Source software now.

Re:In a word...

[civilizedINTENSITY]

Agreed that Public Domain is not incompatible with Open Source. In fact, it isn't incompatible, in terms of absorbing the code into a project, with the GPL. However, in terms of Free Software, Free doesn't mean "a free exchange of ideas and code that let you do what ever you wanted with it", but rather a limit on distribution rights for the purpose of ensuring that user rights always remain free. And it seems to work :-)

Re:In a word...

Well, Public Domain is a heck of a lot better than DJB's original license. For DJB's code, Public domain is a completely unqualified improvement.

(DJB's license forbade distribution of modified source - you can only distribute patches. You man not distribute binary files that result from any modification from the distribution source. I argue that it isn't open source at all.)

This might mean that qmail's glaring deficienies will get fixed. That's if qmail is still relevant. Plus, it might be secure on muliti-gigabyte ram 64 bit machines (which, frankly, are run of the mill linux boxes these days.)

Now, arguing a swap from GPL or BSD to/from Public Domain is another thing entirely IMHO.

Re:In a word...

[Goaway]

And you know, some of us are far more interested in "a free exchange of ideas and code that let you do what ever you wanted with it" than in some convulted ideology where "freedom" is redefined as something restrictive.

Re:In a word...

[Zeinfeld]

Public Domain is good for shorter snippets that one might throw away one a forum or the like, but something of a more project-y character is probably better off with a license of some sort. The exact boundary is, of course, up to personal preference.

We deliberately put the source codes for the original Web browser and client library into the public domain in order to create the maximum chance of growth.

At the time there was no Apache license and the GPL poison pill simply did not meet our needs. At the time we were actively lobbying Microsoft and IBM to come on board with the Web.

The only regret I have about it is that if we had had a license it would not have been possible for NCSA to put out the early releases of Mosaic which consisted of 75% or more of CERN code without a single mention of CERN or even the Web in the documentation. I would probably recommend that people think about the attribution issue carefully, the behavior of NCSA is the main reason that the Web received very shabby treatment from CERN, in the early days NCSA was getting all the press attention and they simply were not mentioning the fact that the ideas had come from Tim.

I don't think this applies in Bernstein's case. Nor would I be too concerned about possibly insecure extensions. There are some open source projects that have successfully maintained a very strict security process over ten years or more.

Re:In a word...

[Hatta]

The only restriction the GPL imposes is that you can't restrict the freedoms of the user. It's like a double negative, restricting restrictions makes it more free.

You may call this a convoluted ideology, but the fact is if I receive a program with GPL code in it, I'm free to modify it as I see fit. If I receive a program with public domain code in it, I may not be able to modify it at all.

I'm interested in a free exchange of code that lets me do whatever I want with it. Public domain does not do that for me.

That may be good.

[www.sorehands.com]

I like qmail. This is both good and bad.

The good is that allows people to fix, and distribute the fixes as part of the package instead of as a bunch of patches.

The bad is the security of the result. One of the hallmarks of the DJB software is that it is secure and he backs it up with a $500 (it may be $1000 now) bounty for security holes in the software. Many people referred to him as arrogant because of his refusal, but when you are good, you sometimes develop an attitude that people mistake for arrogance. Even so, it is HIS code, so he gets to do what he wants with it.

Re:That may be good.

[arivanov]

Actually, if you like qmail you need to have your brain checked.

The biggest advantage of Unix is the "We stood on the shoulders of Giants" philosophy. The library functions are continually improved and nowdays there is a library function for nearly everything. Qmail goes completely against this philosophy by rewriting nearly every higher level function in libc it needs. Granted, when qmail came out some of these rewrites were more secure and technically superior implementations. First of all, not contributing them towards the libc's is sociopathic behaviour (I want only my app to benefit, everyone else go suck bricks sidewise through a thin straw). Second, their technical superiority even from a security perspective is no longer there. Libc has moved on and even the worst of them (HPUX and Irix) are now at the same level of the DJB replacements (or better).

Re:That may be good.

[arivanov]

No point. The MTAs have moved forward as well. The libraries have moved forward as well. It would have been interesting 10 years ago (I used it and advocated its use at that time).

Now it is pointless.

Postfix, Exim and even sendmail have made a giant leap forward in terms of code quality, performance and security. So have the underlying libraries.

There simply no point to use qmail or any of its code base now. Too little, too late.

Re:That may be good.

[FishWithAHammer]

First of all, not contributing them towards the libc's is sociopathic behaviour (I want only my app to benefit, everyone else go suck bricks sidewise through a thin straw).

This is ludicrous. He wrote them because the ones out there weren't good enough. Others can write their own. There is nothing sociopathic about closed source software, no matter how much you may wish it to be.

(It is probably in the realm of sociopathy, as we're using the term, to go after people who reverse engineer your compiled binaries, but that's entirely different from not giving them your code. If they can extract what they need from what you have chosen given them, good for them. It is always wise to remember that while the GPL and the Free Software movement are in favor of unlimited user rights, a developer choosing to exert his own rights is not wrong.)

Re:That may be good.

[Just+Some+Guy]

my qmail gateways have never been exploited through qmail.

That's because qmail's known exploits mainly affect new hardware. Cool, huh? Buy a new server and watch it automatically get less secure.

Re:Don't be an "indian giver"

[McDutchie]

The GPL pushes that one step further by making sharing a requirement. Now receiving obliges you to give in return (if copyright wasn't the basis for the GPL, would Stallman have required distribution too?).

Sigh. No, it doesn't. The GPL sets forth rules you need to follow if you choose to share (i.e. distribute) the software. But nothing in the GPL obliges you to share anything.

The software is good.

[jd]

The crypto software and FFT software especially so, but maintenance isn't always as hot. That's hardly DJB's fault - they are public domain and nobody has run with them. On the other hand, it is not acceptable that his software is not being properly distributed, promoted or documented. Nor is it acceptable that he allows his personality quirks to interfere with the primary purpose of getting code into active circulation.

Re:Don't be an "indian giver"

[SanityInAnarchy]

It all got so confusing

How is it confusing?

and now with GPL3 putting further restrictions on sharers

The restrictions are essentially closing loopholes whereby people could either avoid sharing or share something useless.

Under GPLv2, you could create a derivative work and run a website based on it, but not share the changes since you weren't technically distributing the software. Or you could create a signed binary, and hardware that won't run it unless that binary is exactly the same. Or you could patent some procedure used, so that people can see the source code, but if they do anything with it, they violate your patent.

All GPLv3 does is enforce the spirit of GPLv2. Specifically: Everyone has to be able to get the source code, make any change they want, recompile, and run the modified binary.

greater restrictions are a smack in the face to the original reason anyone wanted to get involved in the first place, i.e. to share.

If you're getting hit with these restrictions, chances are, you, yourself, are an "indian giver" -- you want to pretend to share, except, not really.

Public domain remains the last safe haven for shareable code.

Or GPLv2... or BSD... or Apache... or MIT...

You're suggesting that GPLv3 somehow "infected" GPLv2, or every other license out there. That's simply not true. While public domain is perhaps the only way to ensure your code can be included in any kind of project, I see nothing wrong with share alike, and I see no reason why closing the loopholes is "going too far".

Re:dnscache as an common daemon

[SanityInAnarchy]

DJB's approach to standards is to write his own incompatible version.

Right, since there isn't a standard right now...

As for user friendly, he can't even put the man pages where they can be found.

That's why I called it "trying".

Other than not watching for dead processes, what exactly is the problem with /etc/init.d?

Well, init.d is complete in the sense that brainfuck is Turing-complete.

Which is to say, it's actually awkward for quite a lot of things. For instance: networking.

On Gentoo, the way multiple network interfaces are dealt with is by assigning each of them an init script, all symlinked to the same one. Gentoo init scripts have dependencies, so I can have something depend on some or all of the network interfaces being up.

On Debian, this is dealt with by having one "networking" init script that then ties into its own init-like system for individual interfaces -- ifup/ifdown. I can force certain scripts to run after an interface comes up or goes down.

On Ubuntu desktops, this is dealt with by having a NetworkManager daemon (started by init.d) that handles everything itself, by communicating with a GUI. I'm fairly sure it uses ifup/ifdown in some way, as it seems to respect some of my static scripts.

Gentoo is the closest to the "right way", in that there's a unified way to start/stop something. That is, on Gentoo, I know I can stop a network device by doing /etc/init.d/net.eth1 stop. But Ubuntu's the most user-friendly way, because I can do it from a GUI, and, for instance, easily migrate between wireless networks.

Now, go read about upstart, for a completely different approach. In particular, the ability to receive "events" from, say, udev or HAL, means that the equivalent of "/etc/init.d/net.eth1 start" will be run when I plug a cable into eth1, without removing that functionality, or forcing it into a completely different system (ifup/down).

At least, that's how I think it would work. In practice, while Upstart is used in Ubuntu, it's mostly used just to launch all the old sysv rc scripts, which then launch things like NetworkManager.

Re:OK so when exactly?

[lukas84]

Exchange!

A Linus supporter?

[SanityInAnarchy]

There are two vastly different interpretations of the GPLv2's intent.

Linus' interpretation is, so long as we get to see the code, it's fine, even if we can't do anything with it.

That is not the original intent. Say what you will about RMS, but he wrote the damned thing.

Do you know why RMS started this "free software crusade", founded GNU, and wrote any GPL at all? It starts with a printer. He'd messed with the old printer driver for the old printer -- it was prone to paper jams, so his hack was to at least detect a jam and alert the user, even if he couldn't fix it. Well, the new model of printer came in, and he was all set to port his fix, but he didn't have source code.

That's why GPLv2 is all about source code -- RMS wants to be able to tinker with any device he owns, and he saw lack of source code as the only thing stopping him. In the case of this printer driver, it was. But now we have tivoization. Tell me, if the lab computer was set to only accept signed binaries, what good would any amount of source code be? He could change it to do his paper-jam-fixing-hack, and even compile it -- he could do anything but run it -- which makes it completely useless.

Linus has a point, and so do you -- there is some academic value in seeing how people did what they did.

But Linus and you miss the crucial point -- it's not about restricting the developers, it's about empowering the users. The GPLv3 guarantees that any piece of software you get that's GPLv3-licensed, you can modify it, recompile it, and run it in the same way as the original. What's restrictive about that?

Re:A Linus supporter?

[FreeUser]

Why don't you do a modicum of research and find out? The story has been presented far and wide by RMS himself, and is easy enough to find. What you insinuate is that the trouble fixing the printer was somehow RMSes fault, which history shows to be untrue. The printer manufacturer wouldn't acknowledge the problem, and refused to let RMS see the source code so he could "fix" a bug they wouldn't acknowledge. This irrespective of how often said bug bit their customers. RMS spotted a severe social/technical problem and wrote the GPL to solve it (which it does, very successfully). Unscrupulous people have sought out loopholes to subvert the GPL, hence GPL v2, and now, with the advent of MS's "trusted computing initiative" and tivoization, GPL v3 to protect those freedoms in the face of some very powerful entities manipulating very powerful copyright and patent laws with the intent of subverting, even destroying, those same freedoms.

The GPL v2 and v3 are, whatever else one may say, the most successful attempt so far at creating a "constitution" that protects users rights in perpetuity, within the current framework of law designed to do just the opposite. It may not be perfect, but it's a damn sight better than most options out there.

Re:OK so when exactly?

[N7DR]

Already.

From http://cr.yp.to/qmail/dist.html:

I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You are free to modify the package, distribute modified versions, etc.

DJBDNS

[caudron]

Good. DBJDNS is, overall, a solid piece of software that kicks the crap outta Bind and leaves it bleeding in a ditch. I'll be glad to see it under a more open license that allows it to prosper and get some of its problems addressed.

Tom Caudron
http://tom.digitalelite.com/

Not quite so fast

[einhverfr]

I'm interested in a free exchange of code that lets me do whatever I want with it. Public domain does not do that for me. What can't you do with public domain code?

My concern about the GPL is that, while it is very friendly towards businesses who want to release and then control the direction of their open source products (I did not say projects), it can have a stifling effect on community. Compare for example, the MySQL development model (one company *controls* what goes into the next release) with the PostgreSQL development model. In many ways Linux is an exception rather than a rule, and even GNU suffers from politics of internal control (for example RMS dismissing the head HURD architect, Thomas BUshnell, for arguing against considering the GFDL to be "Free" according to Debian's guidelines-- if this is the free speech to be associated with the FSF's free software, I want no part of the FSF).

The GPL is in many ways a sort of halfway house for companies who want to do open source but not community-centered development. If MySQL was under the BSD license, there is no way they could maintain the central control-- they would have to open up the commit access to many people in other companies, and could not sell proprietary licenses because there would be no market for them.

The GPL, while having legitimate uses, is more of a political statement than anything else. I say this as someone who contributes thousands of lines of code per week into GPL'd projects.

THe GPL v3 is confusing in number of ways. For example, there is some concern over whether a company cedes patent rights over their own patents by merely using GPLv3 software, this is because of missing one little definition buried not in the definitions section but elsewhere in the license (section 11. paragraph 6, as much as a quick reading might otherwise support the concern, only applies to distribution relying on *explicit* patent licenses hence one cannot inadvertently license patents by mere distribution of the software).

A larger issue with the GPL v3 is that section 7 can be read to be incompatible with licenses such as the BSD and MIT licenses, perhaps even with the public domain. The question is, whether paragraph 2 (removal of additional permissions) must apply to portions under other licenses as well. A plain reading of the license suggests that this is the case (and my conversations with Eben Moglen suggest he thinks that this is the case, and furthermore that he believes that licenses such as the BSD and MIT licenses allow for additional restrictions to be added to the license when merely copying the software. It is clear from public speeches that this is also the view of RMS).

However, as another member of the SFLC pointed out to me, this was not the intent of a large number of authors of the license, and that few if any lawyers are willing to give advice that changing the license on a verbatim copy of a permissively licensed work is allowed (see the SFLC's memo on ISCL/GPL collaboration). They argue that since compatibility with licenses like the BSD license was a goal, that it needs to be read as compatible. Hence they argue that the additional things you can do with BSD-licensed code fall outside of the definition in section 7 of additional terms and are not governed by the GPL v3 at all.

However, if and until we see a memo from the SFLC on that topic, we will not have a neutral document to point to and say "this is what the license means." Hence it seems to me that every project ought to contemplate these issues, seek legal advice, and include some clarifying statements in the project's documentation.

This is too much trouble for me to go to in my projects so there is no incentive to move. I *am* considering moving a fair bit of my company's projects from the GPL to some variant of the MIT or ISC license however.