[Discuss] free/open licenses could discourage participation just because they're unusual

Mario Gómez mxgxw.alpha at gmail.com
Mon May 5 17:52:41 UTC 2014


I don't completely agree with that... We are talking about a widely used
piece of software, not an obscure project that no one knew.

If the licensing had been an important factor, then not many people
would have been using it in the first place. I mean, it's like saying that
you don't want to collaborate on the development because of the licensing used,
but at the same time you fully agree to incorporate it into your software or
use software that incorporates it. That doesn't make a lot of sense.

As JS said in his reply, this problem could have many layers of causation,
but I don't agree that the licensing could be the main reason.

However, as many of you already said, there is practically no reason to
create a new license when you have a pretty well-defined catalog of
different "approved" licenses that could be used in different contexts.
Also, I fully agree that using a custom license just because you want to
be "different" is a really bad practice.

For me, it appears that Heartbleed is the result of the conjunction of several
bad practices that could happen in any Open Source (or even closed-source)
software.

1-A small (under-funded?) team working on a critical software application.
This is not bad, as the team knows their own limitations. I mean, no one
cared seriously about funding OpenSSL until a dangerous vulnerability was
found; now all the "big players" (even Microsoft) want to fund them.

2-Ignoring expert technical advice about security issues in the code. This
was evidenced by the feedback provided by the OpenBSD team on several
vulnerabilities in the code, which was ignored in favor of performance
optimizations.

3-Failing to implement strong peer-review and code-auditing methodologies
to spot security flaws early. As I understand it, there was only one review of
the commit that generated the Heartbleed bug. How is it possible that a
critical piece of source code was reviewed by only one person?

Looking at those other issues, I fail to see how the decision made about
the license used could have prevented any of that from happening. It's really
possible that some developers were discouraged from participating, but the
people that really cared (the OpenBSD team) participated in trying to fix many
bugs before Heartbleed came, and none of them has said that the license
prevented them from participating in the development.

I would say, about licenses, that the problem is not the license used,
but instead the fact that many of the developers don't care about the
license of the software... The lawyers in corporate environments are the
ones that care (as Chris exemplified with his experience)... Just look at the
statistics of GitHub: 50% of the repositories hosted over there don't
even specify a license, and that doesn't prevent many developers from
participating in them.

Regards,
Mario.

On Fri, May 2, 2014 at 10:00 AM, Chris Sigman <cypris87 at gmail.com> wrote:

> I had a client once that wouldn't let us use any OSS, even though before
> licenses it would save 250K, all because his lawyer didn't feel there was
> enough legal precedent around the licenses. Not quite the same, but it
> illustrates the conservatism of some people related to licensing.
>
> Chris
>
> _______________________________________________
> discuss mailing list
> discuss at lists.oshwa.org
> http://lists.oshwa.org/listinfo/discuss