> Just because it's "often" done doesn't mean it's correct. To me, and
> possibly others, open source is used to describe software that uses a
> licence conforming to the Open Source Definition.
>
I like: "3 a: completely free from concealment : exposed to general view or
knowledge b : exposed or vulnerable to attack or question"
BSD folks may like: "14 a (1) : characterized by lack of effective
regulation of various commercial enterprises (2) : not repressed by legal
controls b : free from checking or hampering restraints c : relatively
unguarded by opponents"
(from www.yourdictionary.com) for the use of "Open".
Now back to security and audits and the DJB world.
For software I want to look at the overall design first. Then I want to see
the "style" the coder used. This is not about what tab stops were used or
the brace style but how comments, defines, subroutines, variable names and
constants are used in the code.
I did this with DJBDNS and DNSCache. I see the strengths and weaknesses of
the code and feel that within the scope of the project it is acceptable. For
a larger project I would have objections. It is possible that DJB has files
of code documentation that he has not made public that would eliminate these
objections.
My next wish would be to conduct a formal code review with the author: to
sit down and have them explain each routine, and tell me why they chose one
method over another. "Audits" have merit, but in my view they are not as
productive as a formal review with the author.
As for license, it appears that DJB has chosen to simply reserve his lawful
rights as the author. I would assume that this is the safest path, as the
case law is very extensive for these rights. I am unaware of any case law
involving the GPL (in its many forms).