oss-sec mailing list archives
Re: Open Source only?
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 3 Sep 2014 15:59:05 +0200
On Thu, 28 Aug 2014 03:04:02 +0400 Solar Designer wrote:
I've just rejected a posting giving the following reason: Message lacks Subject, and the software appears to be non Open Source: partial(?) source code is available, but under a EULA that doesn't appear to meet OSI definition. The message was CC'ed to full-disclosure, so it will probably appear there. While message lacking Subject is a technicality, which the sender may address (and resend the message), the issue of software that comes with source code, but isn't under an Open Source license is one we might want to decide on, if we haven't already (I think we have, which is why I mentioned it as one of two reasons to reject that posting). Also, it may at times be tricky (and unreliable and time-consuming) for list moderators to determine whether a license is Open Source or not, as well as whether the software is possibly dual-licensed. Should we perhaps err on the side of approving postings whenever in doubt?
Investigating license status to decide whether some post should be approved sounds like a very bad use of your time. List charter already says Open Source software issues only are expected to be posted here. If post is related to something that is obviously closed source, it should be rejected. If it's something which has source available, allow it in without investigating if it has OSI approved license, or is properly licensed at all. The above can be re-visited if there is actually a relevant number of abuses. Just my 2c. -- Tomas Hoger / Red Hat Product Security
Current thread:
- Open Source only? Solar Designer (Aug 27)
- Re: Open Source only? Kurt Seifried (Aug 27)
- Re: Open Source only? Hanno Böck (Aug 27)
- Re: Open Source only? Joe MacDonald (Sep 03)
- Re: Open Source only? Tim (Aug 27)
- Re: Open Source only? Tomas Hoger (Sep 03)
- Re: Open Source only? Kurt Seifried (Aug 27)