
Foolproofing Open Source


Imagine Bill Gates sends you an e-mail asking how Microsoft can improve the software license for Windows. He wants to make sure the legal language works better for your business.

Imagine that.

Well, that's exactly what is about to happen with Linux. It's yet another reminder of how Linux and open source are different -- but also good for business. Patents, intellectual property, and software licenses matter in open source. And the legal news on open source continues to be good for companies, consumers, governments, and developers of software.

STRONG FOOTING. Any discussion of open-source software and the law begins with software licenses. The GNU General Public License (GPL) is the world's most widely used open-source software license. It continues to be a very good license for different kinds of software.

The competitors to Linux and open source always stress the risk that users and companies face if they use this software to run their business. You may be surprised to learn that the GPL has never been successfully challenged in court since it was introduced in 1991. That's a very good thing to know if your business runs Linux.

The influence of the GPL extends far deeper than explaining the rights under which tens of millions of people can use software such as Linux. More than 70 percent of all open-source software relies on the GPL.

COURTING CONFUSION. Guess what? In the coming months, your company may very well hear from those involved in updating the GPL. The next version of the license is being drafted now under the direction of the Free Software Foundation. This may be the first time in history that customers themselves have been asked to help define the terms of a software license this important and widely used. That's good for everyone. It also gives another meaning to the "give back" provisions of the GPL. It's a practice that other software creators may want to embrace, I think.

Many advocates of open source, however, have been criticized for the proliferation of too many software licenses. I believe this criticism is justified. Part of my job as the CEO of Open Source Development Labs is working with the development community, large customers of Linux and open-source software, and global information-technology vendors to tap leading legal experts in the industry to try to halt this practice.

Who cares about a lot of licenses? You should.

Full Article.

More in Tux Machines

Games: Ostriv, Back to Bed, EVERSPACE, Hiveswap: Act 1

Openwashing and Microsoft FUD

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices. The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5.

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

  • Security updates for Tuesday
  • The 2017 Linux Security Summit
    The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all! Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.
  • Key Considerations for Software Updates for Embedded Linux and IoT
    The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today. Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.
  • APNIC-sponsored proposal could vastly improve DNS resilience against DDoS