Hacker News new | ask | show | jobs
by exprez135 2248 days ago
One note: the README lists one of the objectives as to "Remain open source for independent verification", but the project is licensed under the MIT license. Since it's being designed to be a turn-key solution for governments to use, wouldn't this allow them to distribute closed-source and (potentially maliciously) modified versions?
2 comments
geofft 2247 days ago
1. You can't put GPL'd apps on the Apple App Store, because the terms conflict. For instance, you cannot redistribute an app you've received from the App Store. (At best you can use code with a specific waiver e.g. https://github.com/mobile-shell/mosh/blob/master/COPYING.iOS .)

2. It seems a tiny bit optimistic to expect a malicious government to abide by copyright law.

I think the goal of making this open-source is to enable third-party review to avoid innocent mistakes, not to allow you to audit that the code hasn't been maliciously and intentionally modified. There isn't a great way to audit that the binary you download from the App Store matches specific source, for instance.

link
londons_explore 2248 days ago
But license it GPL, and governments won't use it at all...
link
Avamander 2248 days ago
Oh they'll use it, but also ignore the license.

For example: https://github.com/OpenSC/OpenSC/issues/1992

link
kapilvt 2247 days ago
In the usa its more like they are free to ignore, licenses are rooted in copyright law aka ownership, per recent Supreme Court Case, states can freely violate copyright... https://arstechnica.com/tech-policy/2020/03/supreme-court-ru...
link
JoshTriplett 2248 days ago
A few private companies are allergic to GPL; there's no particular reason governments would be.
link
vageli 2248 days ago
> A few private companies are allergic to GPL; there's no particular reason governments would be.

Many large, public (as in publicly-traded) companies also have an aversion to GPL. Most enterprises that have a technology review board or legal review of software dependencies (aka any regulated industry) have a dislike for GPL in customer-facing services.

link
JoshTriplett 2247 days ago
"private companies" as opposed to "government-run", not as opposed to "publicly traded".

And no, "most" enterprises aren't averse to GPL code for usage. They certainly will have policies about making their own software depend on it, but that's different from simply using it, which was the original topic here.

link
vageli 2247 days ago
Gotcha, seems like we just have different definitions of private and using.
link