Hello all,

The following caught my eye:

On Wed, Aug 21, 2019, 5:09 PM Thorsten Glaser <t...@mirbsd.de> wrote:

>
> Incidentally works covered by the AGPL are being removed from a
> lot of institutions now due to the inability to deploy embargoed
> security fixes. This isn’t just a licence issue, but the ability
> to operate securely is clearly also relevant. (This was also
> observed near Debian.)
>


This is a perspective that I had not considered relative to the CAL.

What would everyone here think of the following exception to the CAL's
requirement to provide source code:

4.1.3. Coordinated Disclosure of Security Vulnerabilities

You may delay providing the Source Code corresponding to a particular
modification to the Work for up to ninety (90) days (the “Embargo Period”)
if: a) the modification is intended to address a newly-identified
vulnerability or a security flaw in the Work, b) disclosure of the
vulnerability or security flaw before the end of the Embargo Period would
put the data, identity, or autonomy of one or more Recipients of the Work
at significant risk, c) You are participating in a coordinated disclosure
of the vulnerability or security flaw with one or more additional
Licensees, and d) the Source Code pertaining to the modification is
provided to all Recipients at the end of the Embargo Period.


Good policy? OSD compliant? I think so, but would like to hear others'
thoughts.

Thanks,
Van
_______________________________________________
License-discuss mailing list
License-discuss@lists.opensource.org
http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
