<div dir="ltr">To the original question whether we have any data on this topic, we have some data that is slightly tangential but interesting to the conversation. When we asked the oshw community in a survey (2013 & 2012) nearly half the people did not use any type of open license with their files. When asked why, the main response was that the licenses were too difficult for a non-lawyer to understand. <div>
<br></div><div>Alicia </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 5, 2014 at 11:52 AM, Mario Gómez <span dir="ltr"><<a href="mailto:mxgxw.alpha@gmail.com" target="_blank">mxgxw.alpha@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I don't completely agree with that... We are talking about a widely used piece of software not an obscure project that no-one knew.<br>
<br>If the licensing could have been an important factor, then not many people would have been using it in the first place. I mean, it's like saying that you don't want to collaborate on the development because the licensing used but at the same time you fully agree to incorporate it on your software or use software that incorporates it. That doesn't make a lot of sense.<br>
<br>As JS said on his reply, this problem could have many layers of causations, but I don't agree that the licensing could be the main reason.<br><br>However, as many of you already said, there is practically no reasons to create a new license when you have a pretty well defined catalog of different "approved" licenses that could be used on different contexts. Also I fully agree that using a custom license just because you'll want to be "different" it's a really bad practice.<br>
<br>For me, appears that heartbleed is the result of the conjunction of several bad practices that could happen on any Open Source (or even closed-source) software.<br><br>1-A small (under-funded?) team working on a critical software application. This is not bad as the team know their own limitations. I mean, no one cared seriously about funding OpenSSL until a dangerous vulnerability was found, now all the "big players" (even Microsoft) want to fund them.<br>
<br>2-Ignoring expert technical advice about security issues on the code. This was evidenced by the feedback provided by the OpenBSD team over several vulnerabilities on the code that was ignored in favor of performance optimizations.<br>
<br>3-Failing to implement a strong peer-review and code auditing methodologies to early spot security flaws. As I understand there was only one review to the commit that generated the heartbleed bug. How it's possible that a critical piece of source code was reviewed only by one person?<br>
<br>Looking at those other issues, I fail to see how the decision made about the license used could have prevented any of that happening. It's really possible that some developers were discouraged to participate, but the people that really cared (OpenBSD team) participated on trying to fix many bugs before Heartbleed came and none of them has said that the license prevented them to participate on the development.<br>
<br>I would say, about licenses, that the problem it's not the license used, but instead the fact that many of the developers doesn't care about the license of the software... The lawyers in corporate environments are the ones that care (As Chris exemplified on his experience)... just look at the statistics of github, 50% of the repositories hosted over there doesn't even specify a license and that doesn't prevent many developers to participate over it.<br>
<br>Regards,<br>Mario.<br><div><div><div><div><div><div><div><br><div><br></div>
<div><br>
</div></div></div></div></div></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div class="">On Fri, May 2, 2014 at 10:00 AM, Chris Sigman <span dir="ltr"><<a href="mailto:cypris87@gmail.com" target="_blank">cypris87@gmail.com</a>></span> wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><p dir="ltr">I had a client once that wouldn't let us use any OSS, even though before licenses it would save a 250K, all because his lawyer didn't feel there was enough legal precedent around the licenses. Not quite the same, but illustrates the conservatism of some people related to licensing.</p>
<span><font color="#888888">
<p dir="ltr">Chris</p>
</font></span><br></div><div class="">_______________________________________________<br>
discuss mailing list<br>
<a href="mailto:discuss@lists.oshwa.org" target="_blank">discuss@lists.oshwa.org</a><br>
<a href="http://lists.oshwa.org/listinfo/discuss" target="_blank">http://lists.oshwa.org/listinfo/discuss</a><br>
<br></div></blockquote></div><br></div>
<br>_______________________________________________<br>
discuss mailing list<br>
<a href="mailto:discuss@lists.oshwa.org">discuss@lists.oshwa.org</a><br>
<a href="http://lists.oshwa.org/listinfo/discuss" target="_blank">http://lists.oshwa.org/listinfo/discuss</a><br>
<br></blockquote></div><br></div>