[linux-elitists] (forw) Viewable Source != Open Source
Sat Mar 4 22:25:07 PST 2000
Another Linux periodical fooled by these bozos. It's really getting
a bit on my nerves.
(My query to Tripwire, Inc. about clarifying its intentions, and about
whether it has sufficient title to the Tripwire codebase to open-source
it, has been ignored, by the way.)
----- Forwarded message from Rick Moen <rick> -----
Date: Sat, 4 Mar 2000 22:18:36 -0800
From: Rick Moen <rick>
Subject: Viewable Source != Open Source
X-Mailer: Mutt 1.0i
Dear Ms. Richardson:
Suddenly, it's 1984, again. That was about when the developer
community figured out that access to merely _view_ source code was not
enough, and they need not put up with the disadvantages of proprietary
licences. Proprietary code is fine for those who like it, but might
suddenly become unavailable for further improvement and adaptation if
(say) the owner withdraws the product, changes business models, or goes
I say it feels like 1984 because of David Penn's 3-Mar-2000 article,
"Tripwire Opens Up 'Best of Breed' Security Tool"
(http://www2.linuxjournal.com/articles/business/034.html). Penn reports
that Tripwire, Inc. will be "providing source code for its flagship
product, as opposed to merely open sourcing older versions...."
However, "providing source code" _isn't_ open sourcing. Am I missing
something, or isn't this free / open-source world's key, fundamental
difference? Did I just dream the last sixteen years? Did, say, Sun
Microsystems's SCSL suddenly become an "open source" licence, merely
because it makes covered source code open for inspection?
In fact, it is clear that Tripwire, Inc. remains under the (mistaken)
impression that viewable source = open source: Its FAQ
(http://www.tripwire.org/faq.html) states that "Tripwire, Inc. has had
the advantage of distributing an open source product in the market for 8
years". This refers to "Tripwire ASR", the viewable-source variant of
the company's product. Which, of course, is not open source, and never
Examples abound, actually, of the open-source community going to
considerable lengths to replace proprietary, viewable-source software,
to gain the advantages of genuine open source. The canonical example
would be BSD Unix and its progeny. In the security field, GNU Privacy
Guard is replacing proprietary PGP, OpenSSH is replacing SSH, _and_ Rami
Lehti's GPL'd AIDE package (Advanced Intrusion Detection Environment,
http://www.cs.tut.fi/~rammer/aide.html) is making Tripwire obsolete.
Tripwire, Inc.'s confusion about licencing is understandable -- and no
doubt genuine: They're very late to the party, are considering joining,
and misunderstand the ground rules. But it's a little less easy to
understand how _LJ_ could repeat the company's claims so uncritically.
Cheers, My pid is Inigo Montoya. You kill -9
Rick Moen my parent process. Prepare to vi.
rick (at) linuxmafia.com
----- End forwarded message -----
More information about the linux-elitists