[linux-elitists] [liberationtech] Silent Phone source code available on GitHub

Tony Godshall togo at of.net
Fri Oct 4 10:13:45 PDT 2013


Indeed the Not For Monetary Gain clause violates the Open Source Definition.



On Fri, Oct 4, 2013 at 9:11 AM, Eugen Leitl <eugen at leitl.org> wrote:
> ----- Forwarded message from Karl Fogel <kfogel at red-bean.com> -----
>
> Date: Fri, 04 Oct 2013 11:02:11 -0500
> From: Karl Fogel <kfogel at red-bean.com>
> To: liberationtech at lists.stanford.edu, Petter Ericson <pettter at acc.umu.se>
> Subject: Re: [liberationtech] Silent Phone source code available on GitHub
> Message-ID: <87fvshrpmk.fsf at kwarm.red-bean.com>
> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
> Reply-To: Karl Fogel <kfogel at red-bean.com>, liberationtech <liberationtech at lists.stanford.edu>
>
> Petter Ericson <pettter at acc.umu.se> writes:
>>So, Silent Circle (well, Silent Phone) is finally open source!
>
> Thank you, Petter -- it sounds like this release was a lot of hard work.
> But it doesn't appear to be actually open source.  At least, I couldn't
> find a license file containing an open source license.  Actually, I
> didn't see any license file at all, so I went looking for a source file,
> and the first one I found was:
>
>   https://github.com/SilentCircle/silent-phone-android/blob/master/src/com/silentcircle/silentphone/TiviPhoneService.java
>
> ...which contains this license header in a comment at the top:
>
>   > Copyright © 2012-2013, Silent Circle, LLC. All rights reserved.
>   >
>   > Redistribution and use in source and binary forms, with or without
>   > modification, are permitted provided that the following conditions are met:
>   > * Any redistribution, use, or modification is done solely for personal
>   > benefit and not for any commercial purpose or for monetary gain
>   > * Redistributions of source code must retain the above copyright
>   > notice, this list of conditions and the following disclaimer.
>   > * Redistributions in binary form must reproduce the above copyright
>   > notice, this list of conditions and the following disclaimer in the
>   > documentation and/or other materials provided with the distribution.
>   > * Neither the name Silent Circle nor the
>   > names of its contributors may be used to endorse or promote products
>   > derived from this software without specific prior written permission.
>   >
>   > [...]
>
> That first term is incompatible with open source (prohibition on
> commercial use means it's not open source).  For clarification:
> http://opensource.org/faq#commercial
>
> Of course, I'd love to see the code switched to an open source license,
> and am happy to help you choose one, if you'd like help.  A good place
> to start is http://opensource.org/licenses.
>
> Having the code visible to the world is still a gain from a security
> perspective, and I don't mean to diminish that.  However, "visible" is
> not the same as "open source".
>
> Best,
> ­Karl
>
>>At least, the previous version, with the next one coming "in a couple of weeks".
>>
>>This, to me, is absolutely wonderful news, as it is finally possible to get a
>>proper security audit of the whole shebang.
>>
>>Github issue: https://github.com/SilentCircle/silent-phone-base/issues/5
>>
>>The released repo: https://github.com/SilentCircle/silent-phone-android
>>
>>/P
>>
>>From: Jim Burrows <notifications at github.com>
>>Subject: Re: [silent-phone-base] Impact of ZRTP library critical security vulnerabilities (#5)
>>To: SilentCircle/silent-phone-base <silent-phone-base at noreply.github.com>
>>Cc: pettter <pettter at acc.umu.se>
>>
>>@pettter, "Soon" is today, well, actually last night.
>>
>>We've just released the sources to Silent Phone for Android
>>V1.6.5. And, yes, we released them one week after we released 1.6.6 to
>>the Play Store, so they're a little bit stale, *BUT*... what delayed
>>us was making sure that they were buildable from the GitHub repo
>>outside our build environment. That means, assuming we got it right,
>>that you can check out our repo here on GitHub, build your own APK,
>>install it on your phone and run it instead of our Play Store version.
>>
>>And to make lemonade out of the lemons of being one release behind, we
>>plan on releasing 1.6.6 in a couple of weeks, so, if you try to build
>>1.6.5 and find that we blew it somehow, you can post an issue here and
>>we've already got a release planned to fix it in.
>>
>>I'm really sorry that "soon" took this long. It was absolutely NOT my
>>plan, but this summer has been really really hectic (for obvious
>>reasons) and we're a small company with limited resources. The
>>slowness has really frustrated me, as has the fact that when I yell,
>>"What idiot set those priorities?" each time something delayed posting
>>here, the answer was always "me". I can try to blame all the Snowden,
>>NSA, Prism brouhaha and the time and resource pressures it has put us
>>under, but in the end, I'm the one who grits his teeth and says, "Yes,
>>that's more important than the GitHub release. Make it so."
>>
>>I'd be happy to have you sympathize with me for the decisions I've
>>faced this summer, but I absolutely would not disagree with you if you
>>blamed me for the delay. I own it.
>>
>>Silent Phone for iOS sources, Silent Text for Android, and then Silent
>>Phone for Android 1.6.6 source releases are all in the pipeline, and
>>if you'll forgive me for using a word that I myself have sullied, they
>>should all be here "soon".
>>
>>----------
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
>
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
> AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
> _______________________________________________
> Do not Cc: anyone else on mail sent to this list.  The list server is set for maximum one recipient.
> linux-elitists mailing list
> linux-elitists at zgp.org
> http://zgp.org/cgi-bin/mailman/listinfo/linux-elitists



-- 
--
Best Regards.
This is unedited.


More information about the linux-elitists mailing list