McAfee Worried Over "Ambiguous" Open Source Licenses 315
willdavid writes to tell us InformationWeek is reporting that McAfee, in their annual report, has warned investors that "ambiguous" open source licenses "may result in unanticipated obligations regarding [McAfee] products." "McAfee said it's particularly troubling that the legality of terms included in the GNU/General Public License -- the most widely used open source license -- have yet to be tested in court. 'Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software,' McAfee said in the report filed last month with the Securities and Exchange Commission. Among other things, the GPL requires that manufacturers who in their products use software governed by the license distribute the software's source code to end users or customers. Some manufacturers have voiced concerns that the requirement could leave important security or copyright protection features in their products open to tampering."
well... (Score:1, Insightful)
You can't have your cake and sell it too !!
What's the problem? (Score:5, Insightful)
Just another piece of FUD.
Fine. (Score:4, Insightful)
just lazy companies. (Score:5, Insightful)
Re:I don't get it (Score:5, Insightful)
The article isn't very clear on this point but it sounds like McAfee is almost admitting they violated the GPL and are about to end up in court.
Missing the point (Score:3, Insightful)
Uh, that's the very idea of the GPL. It lets people who bought the product use it in any way they see fit, which includes "tamnpering" with it. It even allows you to redistribute it. The only thing it prevents is redistribution under a different license without permission. Didn't anyone give McAfee the memo?
Re:I don't get it (Score:5, Insightful)
Much security software is already open-source: encryption, firewall, virus scan, etc. The fact is that there is no inherent security problem with GPL software. McAfee just appears to have a problem with the licensing.
Yes it seems like they would like to have their open source cake and eat it too.
Re:I don't get it (Score:5, Insightful)
By their logic it would be trivial to hack into a Linux computer because it is open-source, and next to impossible to hack into a Microsoft computer.
SEC Risks (aka Just Slashdot Laziness ) (Score:3, Insightful)
Re:Since when do software licenses... (Score:3, Insightful)
No. The conditions are still subject to
a) common law
Extreme example: you can't demand the firstborn for the use or distribution of the work.
b) interpretation by court
The legal meaning is finally determined by judges.
Re:Lone programmer, against company policy (Score:4, Insightful)
Their best bet is to tighten up on their recruitment and code review processes. That would certainly beat complaining that it MAY turn out that some of their employees may be breaking various laws and that if they are then the victims may be gosh darned unreasonable about it.
Re:Obviously they are worried (Score:4, Insightful)
When all software is open source, there will be so much of it that the scope for virus infection is wider and products that monitor system calls and does intrusion detection will have more market.
McAffee's real problem is that Windows gets more and more locked down and fine grained capability permissions are being applied. The days of the blanket anti-virus product are numbered in the business world balanced against the rise of the dedicated software administrator.
Re:I don't get it (Score:4, Insightful)
They have a very simple solution, then, don't they? Do their own graft, write their own damn software, and stop freeloading off the community.
Re:Lone programmer, against company policy (Score:3, Insightful)
If you don't have sufficient code review processes in place, and you don't know where your employees are copying code from, that's very much your problem. McAfee may be that unprofessional, but if they are they deserve everything that's coming to them.
Re:I don't get it (Score:4, Insightful)
Quite a few bugs are obvious to the experienced programmer.
Many are not obviously bugs, but are obviously "bad practice" which will often lead to bugs.
Once a proficient programmer re-factors "ugly" (full of "bad practice") code, most flaws also become obvious.
Re:I don't get it (Score:5, Insightful)
Do their own graft, write their own damn software, and stop freeloading off the community.
What kind of leftie, tree-hugging nonsense is that? Expecting corporations to accept responsibility when there is shareholder value to consider, quarterly numbers to make and fat bonuses to earn.
Accountability...I can't believe such a radical concept will ever fly. The American corporate way is to have our cake, eat it too and expense the bill as entertainment.
Re:I don't get it (Score:3, Insightful)
pretty much something of a non-issue.
You can't legally distribute to someone an install done this way, or provide an installation that ships directly with the NVidia
drivers, but you can ship a Linux install that can make it easy for someone and you can always turn it off/remove the offending
binary blob when you hand someone a machine you've been using the driver on. Since usage is not controlled by the GPL grant,
and there's no directly infringing pieces involved everyone just grouses about the blob NVidia provides, asks if they'll ever
do like AMD and Intel are in the process of doing, and goes on.
Re:Not Just McAffee (Score:3, Insightful)
Here's an example: I was doing evaluations of the two open source identification products available today (from Black Duck and Palamida), and I found an instance where it appeared that code that was originally released under the GPL had found it's way into code that was released under the Apache license. I did some due diligence on this, looking back in the repositories to see when the initial checkins had been done to determine which project had the code first. Admittedly, that's not fool proof, but was the best I could do under the circumstances.
So, now imagine if someone in good faith takes the code from the Apache licensed project and uses it in their proprietary product. They comply with the Apache license. Then someone from the GPL project comes along and says "Hey! You're using OUR code that was made available under the GPL, you have to release the source code for your product." Legally speaking, that could be the result. And some people don't want to take that chance.
Nope (Score:3, Insightful)
Refactoring means modifications of the code that are not supposed to alter its functionality. Things like renaming variables or moving code or data from one place to another.
I re-factor a lot of code, much of it I did not write (but sometimes its my old code where I didn't get it perfect or account for future developments).
Semantic transformations of code that do not alter functionality allow you to remain relatively sure that you are not breaking anything (especially if there's good test coverage) while fixing a bad design, or after having found a novel way to reduce code duplication or such. Once code duplication and tight coupling was removed or reduced, adding new functionality, finding and fixing bugs is much easier.