Thorsten Glaser wrote: > Howard Chu dixit: > >> A standard license clause of this form would also have ended the >> debate over disclosure of zero-day vulnerabilities and other such >> nonsense that plagues today's software world. I.e., you would have a >> clear obligation to inform the software authors of any flaws you >> discover in their code - first, before doing anything else with that >> knowledge. >> >>> What the FSF calls "freedom 0" was very specifically intended to not >>> put obligations on pure software use. There is no obligation to >>> contribute, only a freedom to contribute (freedoms 2 and 3). >> >> I still believe the FSF erred here. Free software only grows if a >> community contributes back. It may be OK for a large corporation to >> toss software over a wall, but for individual hobbyist programmers >> trying to improve their work and support their users, this "pure use" >> freedom sucks people dry and burns them out. > > Licences which require distribution of changes (outside of to whom > the changed work is distributed) are explicitly unacceptable to > Debian, whose DFSG are the “sister” of the OSD used by OSI. > > In Debian, there are explicit “tests” one can use to verify the > freeness of a licence from a number of already-seen fallacies. > > Two of these which often appear necessary are the Chinese Dissident > test (requirement to publish will endanger them as it makes identi‐ > fication possible)
I don't believe this test is conclusive. Sending modifications back to the code's original author doesn't immediately publish them. And, publication of a modification doesn't necessarily identify anybody. For example - some of the contributors to rtmpdump used a cryptographic hash to assert their copyrights. http://git.ffmpeg.org/gitweb/rtmpdump.git/blob/c5f04a58fc2aeea6296ca7c44ee4734c18401aa3:/README > and Desert Island test (a person stranded on an > island, no matter whether alone or with other deserted people, but > cut off, must be able to exercise all DFSG-conformant works inside > their limited-connectivity society). The requirement to send modifications back doesn't prevent anyone from using the code. You could call it best-effort, or at earliest opportunity. > I believe private modifications are not required permission from > the copyright owner, and any licences trying to coerce recipients > into agreement to a forced condition regarding them (by making > the granting of other rights conditional on that) questionable, > no scratch that, inacceptable. > > > Incidentally works covered by the AGPL are being removed from a > lot of institutions now due to the inability to deploy embargoed > security fixes. This isn’t just a licence issue, but the ability > to operate securely is clearly also relevant. (This was also ob‐ > served near Debian.) > > Thank you for listening, > //mirabilos -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ License-discuss mailing list License-discuss@lists.opensource.org http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
