Slashdot Mirror
Your License Is Your Interface
dp619 writes "License-free software has become a thing. Only 14.9% of repositories on GitHub have a license, according to recent Software Freedom Law Center research. Red Monk has observed that this trend is occurring principally among younger software developers. Outercurve Foundation technical evangelist Eric Schultz has offered up his opinion, saying, 'As an active developer I want to add a slightly different perspective on the dangers of releasing unlicensed software. My perspective is based on a simple phrase: "Your License Is Your Interface."' He adds, 'A license similarly defines the interaction between the software, or more precisely the creators of the software, and users. Just like an interface, a license defines intended behavior of users of the software, such as the four essential freedoms or the ten pillars of the Open Source Definition. Just like an interface, a license prevents unintended behavior of users of the software, which depending on the open source license, may disclaim the original author of liability for use of the software, prohibit redistribution without recognizing the original author or prohibit distribution of derivatives under a more restrictive license. When it comes to legal use and distribution of your software, your license IS your interface.'"
Eric Schultz appears to underestimate the ability of programmers to not give shit about licensing.
Lawyers want to wheedle their ways into all our lives. Ignore them, they won't go away, but it will simplify your life.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
"different perspective on the dangers of releasing unlicensed software. "
Technically, you cannot release unlicensed software. Sure, go ahead and post it to a public repository, but without an explicit license, copyright law forbids anyone else to make use of it. So you haven't really released it, just posted it out there to tease people.
If you don't want to pick one and you don't care, at least say something like "released to the public domain" to make it explicit. (This option isn't available in all countries, though.)
Most creative commons requires attribution. If you really "don't care", you should explicitly state that your software is CC0
If you're a zombie and you know it, bite your friend!
Obfuscation pretty much never has a place in security. Also, if the project is very important, you can always contact the creator and try to negotiate a different licence. It only becomes a bit problem when the project had contributions from several different sources where to get a different license, you have to contact way too many people.
The whole point of GPL is that they try to ensure that everybody has the right to the source of a given work or derivate of that work.
2 points, if you can't provide security without showing the method how you provide security, you aren't providing security and if the license is a problem either don't use the code or negotiate for a different license.
Software without a license is like a poison for everyone else. There's typically no legal risk to a developer in releasing their software, since it's likely he has the copyright. But it creates a legal minefield for anyone else who uses or modifies the software, either directly or by using software that stupidly embeds such things. At any time the developer, or his employer, could sue, and there's nothing the user could do.
Ignoring lawyers does not simplify your life. Sure, it'll simplify your life today, but only by creating potential disasters in the future. You need to think about other people, and whole lifetimes, not just think about yourself today.
If you think that copyright should only apply to software if it's marked, then work to get the law changed. It used to be that way before 1976. But it's not 1976. I suspect that the law won't get changed, really. But intentionally creating dangers for other people is a terrible, nasty thing to do.
- David A. Wheeler (see my Secure Programming HOWTO)
Except that without a license, no one can do anything with it!
At least slap a CC0 on it, or a WTFPL.
Obscurity is a perfectly valid layer of security as long as the security mechanism's integrity is not based solely on that obscurity. Just because certain information can be made public about a security system without damaging its integrity as a whole does not mean you necessarily should make that information public. Bruce Schneier even says so himself:
Kerckhoffs' Principle is just one half of the decision process. Just because security does not require that something be kept secret, it doesn't mean that it is automatically smart to publicize it.
From: http://www.schneier.com/crypto-gram-0205.html#1
I know that posts like this always get modded down by OSS-fanatics, but it is true. If I was to write a small piece of software and wanted people to actually use it, I would never release as GPL. [.. blah blah..] Release as BSD or similar with a warranty disclaimer and be done with it. [..blah blah..]
Or perhaps they're modded down because anyone outside the GPL vs. BSD zealotry sees them for what they are- the tedious and inevitable tendency of fanatics on either side to steer any vaguely license-related discussion into being yet another tedious identikit rehash of the GPL vs. BSD holy war.
As I already said
Never mind that we've had this discussion countless times before and every possible debating point and issue has been raised and discussed exhaustively a million times. Never mind that the chances of any new insight coming out of the billionth tedious discussion of this long-established subject is next to nothing. Never mind that those involved on both sides feel the need to repeat the same entrenched positions- which mostly come down to personal philosophy and not an incomplete understanding of the issues (which everyone knows full well by now) and will therefore be unlikely to change in the face of the discussion... not that this was the point anyway.
No, the point is that those involved in every one of these pointless rehashes of the exact same to-ing and fro-ing and restatements of the same old facts and arguments on both sides know this damn well, but can't reign in their desire to indulge in the argument yet again.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I think what the GP meant is that any crypto system in which the security of the data depends on the secrecy of the mechanism itself is fundamentally flawed. For example, keeping crypto keys secret is critical to security, which is why DRM doesn't work; the only thing protecting those keys from the user is the way in which the DRM code hides those keys, so as soon as that hiding mechanism is exposed, the entire scheme breaks down.
Check out my sci-fi/humor trilogy at PatriotsBooks.
If GitHub made your personal interpretation a requirement for using its site at no charge, that might work. But GitHub's terms don't really make sense for what people are trying to do on it. GitHub only allows you to "view" and "fork".
Are users allowed to run the code? The answer appears to be "no". That's because under most countries' law, including the US, by default users have NO rights unless they are granted somehow. Heck, as far, as I can tell, users aren't even allowed to modify it, because you can make a fork without modifying it, and only "forks" are allowed. Now we have to dance on what a "fork" means, and the LAWYERS, not the programmers get to decide.
If you want to release software, and collaborate, great! Posting stuff without a license is not a release, it's a legal minefield.
If don't include a license, the LAWYERS decide what is allowed... not the programmers. You probably won't like what the lawyers decide.
- David A. Wheeler (see my Secure Programming HOWTO)
A better example is that "no man dies without a will". If YOU don't make one OTHER PEOPLE's Lawyers will.
The same applies to software licenses. If you are not using LAWYERS to write a license before publishing, then your ignorant not to pick an OSI-approved license. The list is long enough to be useful, and the OSI approved licenses have enough establishment legally as "reasonable and customary" "industry standards" that there is LOTS of stuff written about the technicalities and interactions that real layers have done lots of work on.
Otherwise, you are just waiting to be a victim of some corporate lawyer hijacking your stuff.
Indeed. And in fact you indirectly raise another issue - if the "original" author is so ignorant of copyright law that they "share" their code without any licensing information, then there's a fair chance that they have themselves incorporated other people's code into their work without regard to copyright restrictions, so you may be opening yourself up to legal liability for having GPLed, "shared source", or other restrictively licensed code incorporated into your software without realising it.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Everyone picks GNU GPL because they think it sounds cool, but it is toxic for people not making software they want to provide source code to.
That is 100% why I release my source code under the GPL. I'm willing to take payments in money too, but you should give back some how. No free lunch.
"First they came for the slanderers and i said nothing."
In this specific case, there's -already- a default licence that says who can do what wit software in the absence of specific permission from you. It's called copyright. It spells out clearly and unambigously what one can do, and what one needs the permission of the author to do.
The only possible source of confusion is if publishing something openly on the web constitutes implicit permission to do something more than what copyright already allows.