[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)

Matt Curtin wrote:
> Richard Stallman <[email protected]> writes:
> > I beg your pardon, but this is no mistake.  I'm well aware of the
> > people who argue for donating code to companies "so it will be more
> > widely used."
> This is really an interesting, and subtle, point.  The goals might
> well be different, but I suspect they're more complementary than most
> of us immediately realize.

Agreed. For example, having SSLeay (say) used in some proprietary
program or other would achieve very little in the way of "cypherpunk
goals" (unless perhaps the company voluntarily published improvements
and bug fixes for SSLeay). Having it used in Mozilla is a different
matter, however. Ultimately what is needed is not good free crypto
(which already exists, pretty much) but good free *applications* that
use crypto, with available source that can be examined for good practice
and backdoors, and that can be fixed when they are broken.  

But that's not to say that there is no point in trying to harness the
resources of proprietary software makers. One of way of looking at this
is that there is a limited number of people who know about this stuff,
and some of them work on proprietary software. Let's assume that it's
worth getting those people involved. Well, GPLing your code pretty much
ensures that they won't work on it. On the other hand, a very liberal
licence like BSD will mean that many of them won't or can't share their
results. The Mozilla licence looks to me like a good compromise in terms
of getting skilled people involved and maximising the return of
improvements. Additional licence terms like "no GAK" or whatever would
just turn some % of people off the code and would be superfluous
anyway--there's no need for the licence to demand "no GAK" if it demands
the source, and there's no point in demanding it otherwise.

Frank O'Dwyer.