:: Re: [Libbitcoin] License - what abo…
Kezdőlap
Delete this message
Reply to this message
Szerző: Amir Taaki
Dátum:  
Címzett: libbitcoin
Tárgy: Re: [Libbitcoin] License - what about a truly free license (humble and extremely important enquiry for the project)
libbitcoin is with a lesser clause.
Added by SFLC and vetted by Stallman himself:
https://github.com/libbitcoin/libbitcoin/blob/develop/LICENSE#L31

On 13/05/14 22:07, mlmikael wrote:
> Peter and Eric,
>
> As for my Q I believe Amir gave answer already through his clarification
> about how the "OpenSSL exception" clause should be interpreted, however
> if not else than for completeness find here response to your posts, thanks.
>
>
> Peter,
>
> On 2014-05-13 17:52, Peter Todd wrote:
>> For Bitcoin and other security related software a key issue is that
>> source code *must* be available to the user in all circumstances so that
>> they can be sure the code has not been backdoored or otherwise
>> compromised.
>
> For security auditing and other purposes, the official version of the
> library sourcecode must be available - completely agreed.
>
> As for everyone to be able to inspect themselves that it is not
> backdoored or compromised - am 100% with you.
>
>> Very strongly opensource licenses, such as the Affero GPL,
>> provide that guarantee in ways that lesser and *less* free, licenses do
>> not. Remember that when we talk about freedom, we're talking about the
>> user's freedom to use, modify, and inspect the software that keeps their
>> Bitcoins safe and protects their privacy, not the freedom of people who
>> want to restrict that right.
>>
>> Thus I strongly support distributing LibBitcoin under the maximally free
>> license possible, the Affero GPL.
>
> Users can do this independent of if the license is Affero GPL or MIT -
>
> LibBitcoin's official sources are inspectable at GitHub independent of
> which license it has.
>
>
> The social difference between MIT and Affero GPL is that Affero has a
> quality of forcing certain users and developers to release their
> particular patches.
>
> If someone has a LibBitcoin patch that's not publically released, then
> the use of that patch won't go very far between different parties'
> LibBitcoin deployments anyhow, and it's at first at that level having a
> normative inspectable LibBitcoin source is of value;
>
> There's no point in that LibBitcoin would be like a concept that noone
> is allowed not to patch. Security issues in a Bitcoin setup that uses
> LibBitcoin can come from a zillion sources that are external to
> LibBitcoin, such as heap overflows or key management issues in code of
> programs that use LibBitcoin directly or indirectly, so what sense in
> forcing release of anyone's patches.
>
>
> Eric,
>
> On 2014-05-13 18:17, Eric Voskuil wrote:
>> I agree. There is little if any commercial (or other) value to be
>> gained in serving up or distributing Bitcoin software without full
>> source disclosure.
>
> If it's ordinary wallet software yes.
>
> Though someone might want to make a special integration of LibBitcoin
> with his proprietary embedded solution or whatever, why force release of
> those updates, what if it would be so special that he'd want to keep his
> patch, for instance.
>
> There, the AGPL quickly stops making sense and makes a niché library out
> of an AGPL library in comparison - what about LGPL?
>
>> Really we have the opposite problem. We need to make it easier for the
>> user to prove that the software he/she is running is intended.
>> Deterministic build is hard. And of course even with source, ensuring
>> correctness is also very hard (as highlighted by the recent trail of
>> SSL/TLS bugs/backdoors). Them there's the hardware...
>>
>> http://en.m.wikipedia.org/wiki/Tailored_Access_Operations
>>
>> e
>
> Yes, the biggest challenge is to prove that the software is running as
> intended.
>
> This is why the source is openly available at GitHub.
>
> It will be, even if it would be under another OS license.
>
>
>
> On this topic, perhaps something like an Affero LGPL would be justified,
>
> http://stackoverflow.com/questions/3330792/why-isnt-there-a-lesser-affero-general-public-license#4419776
>
>
>
>