Re: Open Source only?

[Kurt Seifried <kseifried () redhat com>]

On 27/08/14 05:04 PM, Solar Designer wrote:
> Hi,
>
> I've just rejected a posting giving the following reason:
>
> Message lacks Subject, and the software appears to be non Open Source:
> partial(?) source code is available, but under a EULA that doesn't
> appear to meet OSI definition.
>
> The message was CC'ed to full-disclosure, so it will probably appear
> there.
>
> While message lacking Subject is a technicality, which the sender may
> address (and resend the message), the issue of software that comes with
> source code, but isn't under an Open Source license is one we might want
> to decide on, if we haven't already (I think we have, which is why I
> mentioned it as one of two reasons to reject that posting).  Also, it
> may at times be tricky (and unreliable and time-consuming) for list
> moderators to determine whether a license is Open Source or not, as well
> as whether the software is possibly dual-licensed.  Should we perhaps
> err on the side of approving postings whenever in doubt?

Simple: If we go with Open Source only then "is the code available under
an approved license"?

http://opensource.org/licenses

Obviously if there needs to be an exception (e.g. a closed source/poorly
licensed source interacts significantly with something Open Source it
might be worth discussing).

The other aspect of this: in my experience the majority of closed source
vendors just don't care about security. So discussing it, especially
without their input/even being aware of it is quite pointless.

> Alexander

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature