Slashdot Mirror


McAfee Worried Over "Ambiguous" Open Source Licenses

willdavid writes to tell us InformationWeek is reporting that McAfee, in their annual report, has warned investors that "ambiguous" open source licenses "may result in unanticipated obligations regarding [McAfee] products." "McAfee said it's particularly troubling that the legality of terms included in the GNU/General Public License -- the most widely used open source license -- have yet to be tested in court. 'Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software,' McAfee said in the report filed last month with the Securities and Exchange Commission. Among other things, the GPL requires that manufacturers who in their products use software governed by the license distribute the software's source code to end users or customers. Some manufacturers have voiced concerns that the requirement could leave important security or copyright protection features in their products open to tampering."

10 of 315 comments

  1. I don't get it by noz · · Score: 5, Interesting

    Are they worried because they've used GPL licensed code in their products?

    1. Re:I don't get it by davester666 · · Score: 5, Interesting

      Yes. And to correct the article, they aren't really worried that having to release code may "leave ... products open to tampering", but rather, people might find blatantly obvious bugs or omissions with how they "protect" your computer. And then profit from it, either by writing rootkits or whatever that bypass their "protection" or by suing them when they are infected by these rootkits.

      --
      Sleep your way to a whiter smile...date a dentist!
    2. Re:I don't get it by Broken+Toys · · Score: 5, Insightful

      "McAfee's warning may have been prompted by the fact the Software Freedom Law Center, an open source advocacy group, recently filed a series of lawsuits against alleged GPL violators."

      The article isn't very clear on this point but it sounds like McAfee is almost admitting they violated the GPL and are about to end up in court.

    3. Re:I don't get it by Anonymous Coward · · Score: 5, Interesting

      No, they are worried that if governments begin using "infected"[*] open source products, they [McAfee] might be forced to support those open source products. And they are afraid that their code will be contaminated by the GPL *license* (note: not code).

      Let me put it another way..
      1. You create a program for counting beans, it's written for Microsoft Windows
      2. 40% of your important customers (government) switch to Linux
      3. Because you want to keep your clients, you port your application to Linux. In order to get access to the proper low-level interfaces (that you imagine you need for your bean counter), you start writing some kernel support functions.
      4. You deliver your application to your government. You are happy, the government is happy.
      5. One day, someone posts a "Company X are in violation of the GPL!" to Slashdot -- and all hell breaks loose. Your lawyers tell you that "Yes, we have to open source all our products, because they have all been contaminated by the GPL, because we touched the linux kernel source (which is GPL)!".
      6. You shut down your business, and live on welfare for the rest of your life.

      The only thing which has happened here is that McAfee has proclaimed that GPL is viral (it infects innocent suspects' code).

      I suspect that McAfee has been offered a Great Deal by someone, in exchange for publicly stating that the GPL is viral.

      And no, I don't believe they are using GPL code. That's not what this is about. They are afraid of their (important) customers demanding McAfee support GPL products.

    4. Re:I don't get it by unlametheweak · · Score: 5, Insightful

      Yes. And to correct the article, they aren't really worried that having to release code may "leave ... products open to tampering", but rather, people might find blatantly obvious bugs or omissions with how they "protect" your computer. And then profit from it, either by writing rootkits or whatever that bypass their "protection" or by suing them when they are infected by these rootkits.

      I would suspect that it would be easier to run automated programs for finding buffer over-runs, etc, rather than phishing through thousands of lines of code looking for a non-obvious vulnerability (anybody who has ever coded knows that ALL coding mistakes are non-obvious... as soon as they press the compile button :P).

      By their logic it would be trivial to hack into a Linux computer because it is open-source, and next to impossible to hack into a Microsoft computer.
    5. Re:I don't get it by HangingChad · · Score: 5, Insightful

      Do their own graft, write their own damn software, and stop freeloading off the community.

      What kind of leftie, tree-hugging nonsense is that? Expecting corporations to accept responsibility when there is shareholder value to consider, quarterly numbers to make and fat bonuses to earn.

      Accountability...I can't believe such a radical concept will ever fly. The American corporate way is to have our cake, eat it too and expense the bill as entertainment.

      --
      That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  2. As opposed to... by Anonymous Coward · · Score: 5, Funny

    their EULA which has been rigorously tested time to time in International Court of Justice.

  3. What's the problem? by zebslash · · Score: 5, Insightful

    Don't want to be bound to the terms of the GPL? Don't use GPL code!
    Just another piece of FUD.

  4. just lazy companies. by bark · · Score: 5, Insightful

    There is no free lunch. These manufacturers are seeing the "gold mine" open source software as a way to do less work. Well, you've got to comply with the terms of the license if you distribute it. No 2 ways about it.

  5. Re:Since when do software licenses... by sinthetek · · Score: 5, Interesting

    Sounds to me like that is just an excuse; I think it is fairly likely they are just trying to stir up trouble for FOSS community with SEC. They have a lot at stake if you think about it. AV companies' prime source of revenue is MS and its adoption is declining while *nix-based systems' are increasing. They have little experience with *nix software probably and know most people won't see much need for a *nix AV solution and there are several to compete with already.

    I could be wrong but seems like this and similar complaints about FOSS are from entities with self-serving interests rather than interests of society/world at large. A lot of it is just FUD hoping to encourage paranoia in businesses and slow FOSS adoption.