Re: Into the Fire

From: Mark Wooding (mdw_at_nsict.org)
Date: 07/29/03


Date: 29 Jul 2003 09:09:50 GMT

MacGregor K. Phillips <mkp@topsecretcrypto.com> wrote:

> Open Source to me is like the software patents that try to patent a
> problem which gives them ownership of all of the solutions. They also
> try to claim a problem and anyone that studies open source code and
> then writes their own solution to a problem is supposed to make their
> source code open source too because they may have used some ideas from
> the open source code.

You're very confused. Part of the confusion surrounds the difference
between Open Source Software and Copyleft. Also, your viewpoint is
strangely skewed if you can draw a parallel between:

  * a commercial restriction requiring payment for /any/ practice of an
    invention, including a completely independent implementation, and

  * the requirement to share with the community at large the results of
    modifying a program which is already offered, in a spirit of
    sharing, to that community.

The former is obvious capitalism; the latter an attempt to promote
sharing in an arena where there is far too little.

> If I were to post the complete source code to my program, how long do
> you think it would be before someone compiled a version and posted it
> on the Internet for everyone to use for free.

Ages. We have good crypto programs already, thanks. Have a `?'.

> Look at what happened to the original PGP program. The company went
> out of business because there were free versions, and source code to
> create your own, that could be downloaded. I do not know how the new
> PGP company is doing, and if anyone does know, would you please post
> it here.

This is a very garbled account. The `original' PGP program /was/ free.
Here's a quote from the PGP 2.6.2 documentation:

: PGP is not shareware, it's freeware. Published as a community
: service. Giving PGP away for free will encourage far more people to
: use it, which will have a greater social impact. Feel free to
: disseminate the complete unmodified PGP release package as widely as
: possible, but be careful not to violate U.S. export controls if you
: live in the USA. Give it to all your friends. If you have access to
: any electronic Bulletin Board Systems, please upload the complete PGP
: executable object release package to as many BBS's as possible.
:
: You may also disseminate the source code release package. PGP's
: source code is published to assist public scrutiny of PGP to show that
: it has no hidden weaknesses or back doors, and to help people to find
: bugs and report them. Recompile it and port it to new target
: machines. Experiment with the code and learn from it.

(It then goes on to say that it shouldn't be used for commercial purposes
in the US and Canada, but that was because of the RSA patent issue, and
not any commercial designs of PRZ at the time.) Earlier versions were
released under the terms of the GNU General Public License (GPL), and
were therefore Free Software in a very strong sense of the term.

PGP Inc /later/ formed and decided to turn PGP into a proprietary
program. I'm told they did a rather good job. They added many more
algorithms and features, certainly, and some of them at least looked
like good ideas.

As I understand it, the competition to this version /didn't/ come from
the old PGP 2.* build, which was largely incompatible, but from projects
such as GnuPG -- the GNU Privacy Guard -- which is a complete ground-up
implementation of the public OpenPGP standard containing no PGP code at
all, and released under the GPL.

\begin{speculation}
In fact, I suspect that PGP Inc really foundered because of internal
political wrangling over source code availability and PRZ leaving, the
latter causing a loss of faith in the security of the program. So, in a
way, they failed because they /didn't/ release their sources.
\end{speculation}

-- [mdw]