Re: Into the Fire

From: Mark Wooding (mdw_at_nsict.org)
Date: 07/29/03


Date: 29 Jul 2003 09:09:50 GMT

MacGregor K. Phillips <mkp@topsecretcrypto.com> wrote:

> Open Source to me is like the software patents that try to patent a
> problem which gives them ownership of all of the solutions. They also
> try to claim a problem and anyone that studies open source code and
> then writes their own solution to a problem is supposed to make their
> source code open source too because they may have used some ideas from
> the open source code.

You're very confused. Part of the confusion surrounds the difference
between Open Source Software and Copyleft. Also, your viewpoint is
strangely skewed if you can draw a parallel between:

  * a commercial restriction requiring payment for /any/ practice of an
    invention, including a completely independent implementation, and

  * the requirement to share with the community at large the results of
    modifying a program which is already offered, in a spirit of
    sharing, to that community.

The former is obvious capitalism; the latter an attempt to promote
sharing in an arena where there is far too little.

> If I were to post the complete source code to my program, how long do
> you think it would be before someone compiled a version and posted it
> on the Internet for everyone to use for free.

Ages. We have good crypto programs already, thanks. Have a `?'.

> Look at what happened to the original PGP program. The company went
> out of business because there were free versions, and source code to
> create your own, that could be downloaded. I do not know how the new
> PGP company is doing, and if anyone does know, would you please post
> it here.

This is a very garbled account. The `original' PGP program /was/ free.
Here's a quote from the PGP 2.6.2 documentation:

: PGP is not shareware, it's freeware. Published as a community
: service. Giving PGP away for free will encourage far more people to
: use it, which will have a greater social impact. Feel free to
: disseminate the complete unmodified PGP release package as widely as
: possible, but be careful not to violate U.S. export controls if you
: live in the USA. Give it to all your friends. If you have access to
: any electronic Bulletin Board Systems, please upload the complete PGP
: executable object release package to as many BBS's as possible.
:
: You may also disseminate the source code release package. PGP's
: source code is published to assist public scrutiny of PGP to show that
: it has no hidden weaknesses or back doors, and to help people to find
: bugs and report them. Recompile it and port it to new target
: machines. Experiment with the code and learn from it.

(It then goes on to say that it shouldn't be used for commercial purposes
in the US and Canada, but that was because of the RSA patent issue, and
not any commercial designs of PRZ at the time.) Earlier versions were
released under the terms of the GNU General Public License (GPL), and
were therefore Free Software in a very strong sense of the term.

PGP Inc /later/ formed and decided to turn PGP into a proprietary
program. I'm told they did a rather good job. They added many more
algorithms and features, certainly, and some of them at least looked
like good ideas.

As I understand it, the competition to this version /didn't/ come from
the old PGP 2.* build, which was largely incompatible, but from projects
such as GnuPG -- the GNU Privacy Guard -- which is a complete ground-up
implementation of the public OpenPGP standard containing no PGP code at
all, and released under the GPL.

\begin{speculation}
In fact, I suspect that PGP Inc really foundered because of internal
political wrangling over source code availability and PRZ leaving, the
latter causing a loss of faith in the security of the program. So, in a
way, they failed because they /didn't/ release their sources.
\end{speculation}

-- [mdw]


