|
|
|
|
|
|
by Dayshine
2330 days ago
|
|
|
The source code will indicate where/how the data is input, processed and stored. It might help an attacker compromise the application in any number of ways. There's non-trivial risk there, enough to make it an ethical concern. So, in order to use AGPL software, you have to open source your entire source code, which means you have to go through a long and arduous risk assessment which will likely decide you can't. |
|
|
Many academics and charities don't provide services, so it doesn't affect them.
When you write "enough to make it an ethical concern", is that a hypothetical concern of your own making?
Many academics must go through institutional review boards or other ethics committees.
Many academics also develop and distribute free software for analyzing sensitive data where IRB oversight is required.
If what you are saying is a real concern, then I expect it would have been brought up long ago.
Can you point to examples?
I believe your argument is equivalent to those saying that Linux-based free OSes cannot be used for secure platforms because the source code is available, so anyone can potentially break in.
So why is it that many people doing research which requires IRB oversight use Linux-based OSes?
I agree with tokai - you're arguing for security-by-obscurity, and there's no evidence that that increases security.
I think the evidence shows that the ethical concerns you suggest don't actually exist.