[liberationtech] The great open-source balancing act

Shava Nerad shava23 at gmail.com
Sun Sep 1 15:05:38 PDT 2013 

It was also made rather clear in June that Silent Circle integrates
licensed libraries into their code.  This means unless they planned from
day one to be clean and modular -- which is, hey, what every one of us does
in startup mode under siege from security threats, market pressures,
community flame wars, and dev ADHD amiright? -- they have a suck process
grooming and combing through code before releasing it above and beyond "is
it pretty?" one might speculate.  While still under pressure from {see list
above}.

Problem with mixed licensing.  Seen it before.  You probably have too.

SN
On Sep 1, 2013 3:06 PM, "Griffin Boyce" <griffin at cryptolab.net> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Douglas Lucas wrote:
> > Periodic reminder that despite promises and people's positive emotional
> > investments in Phil Zimmerman, Silent Circle is still not open source.
> >
> > We need an IsHemlisOpenSourceYet.com
>
>   I think that this is the most difficult balancing act that anyone has
> as a developer.  If you offer open-source software, the very act of
> being more transparent directly impacts your bottom line. And not every
> side-effect is a positive one.
>
>   So from a business perspective, I can respect that both Silent Circle
> and Hemlis have made the decision not to offer their full source.  But I
> am also in a position to choose -- I choose not to support Silent Circle
> -or- Hemlis and to openly caution people about the risks of using
> closed-source communication software.  There's too much opportunity to
> fail quietly (silently, even), either through bad code or outside
> pressure or various legal quandries or greed.  Too many times people
> have put their faith into something that is closed-source and
> for-profit, only to have unforeseen security problems crop up later.
>
>   But it's a balancing act - perhaps particularly if you're a service.
> If you open-source all of your code, someone could create a competing
> service.  If a company is transparent about receiving a subpoena for
> customer data, they run the risk of users leaving.  It's easy to say "no
> big deal" when it's not your rent money.  But on balance, I would much
> rather support organizations who are willing to take that risk and put
> faith in their users.  Silent Circle is clearly not willing to give a
> potential user like me the benefit of the doubt.  So while I like the
> idea of us all using cypherpunk walkie-talkies, I'd rather code my own
> solution than give my money and my voice to Silent Circle.  Again, it
> has nothing to do with them as people, and everything to do with their
> business practices.
>
>   I don't come at this discussion lightly.  I use closed-source software
> every day.  I've built stuff that uses Twilio, which is a closed-source
> communications API.  Other people feel differently about this topic and
> that is Okay.
>
> ~Griffin
>
> - --
> "Cypherpunks write code not flame wars." --Jurre van Bergen
> #REDACTED / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
>
> My posts are my own, not my employers.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQIcBAEBAgAGBQJSI5ArAAoJEOMx/SmueSyX7AcP/i4bLALt4TsUF9Z/qgPiCcMl
> Ub6auMYa3wTO5aiuwD9613PtQ8iLZF/OHq/3ldAYUlKdqrwTEMPgqNoLBzl+6Xjo
> 17gmBtjC0aH4faZAbq62O7dxKu1kjCM9DTtUQ8tA192b10Kph5t1Q/lPvsHDT6sz
> u4hRMCxxk3MdZTZdb53yWgrZVlp805ZRVZ3I20YmdakIiL4fr4lA7s3xk4gNpmmu
> 5FvBi41tDaIxEwtKuSN1KnrlM0PhlYVAsm4gHp+E/N5sYrVrF6K6kxKtvJNmkr6T
> l8UlBgf+rTrJVK4C62enCix92BnbD8MwR9e+yvaJy0O8WPM9RJPjw/NRj+6K+mzD
> /+7LpYGaGJ5IJB/tmkrBaguJMux5MF4Yq1/aZKtmtuZc/GeYjPgzQhTp2px38zin
> JQfiEDIqltSo4ot67B0Kj2quCMwdRB2EpE54M8okrY7sD7MKvkAtL6s11I/an6bL
> Jz/eHpp/VRx4RmA6gWZi+UvJ+QjFqgnpoDb7WWJYaBSlfeIEkqHlzuReKfQSteOQ
> iN4hE1lxBxcKrU/mgnRdC/WTrdZfuKDgBhnRguVaez0SYEVJjQ/rWR7R830JKbmo
> OD/kiDrO48yYJdQEr/s4VSNTtA2gBYPbx5r6+CMc8jFTr9jcWW5ZhvsPQEPB8r+R
> jZ1iaJGgFXxo83IWmJ7G
> =oQzE
> -----END PGP SIGNATURE-----
>
> --
> Liberationtech is a public list whose archives are searchable on Google.
> Violations of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130901/d4685aea/attachment.html>

More information about the liberationtech mailing list