←back to thread

Libxml2's "no security embargoes" policy

(lwn.net)
277 points jwilk | 6 comments | 25 Jun 25 19:36 UTC | HN request time: 1.264s | source | bottom
Show context
kibwen ◴[25 Jun 25 22:01 UTC] No.44382195[source]
> Ariadne Conill, a long-time open-source contributor, observed that corporations using open source had responded with ""regulatory capture of the commons"" instead of contributing to the software they depend on.

I'm only half-joking when I say that one of the premier selling points of GPL over MIT in this day and age is that it explicitly deters these freeloading multibillion-dollar companies from depending on your software and making demands of your time.

replies(4): >>44382211 #>>44383593 #>>44385565 #>>44385638 #
xxpor ◴[25 Jun 25 22:03 UTC] No.44382211[source]
Why bother open sourcing if you're not interested in getting people to use it?
replies(10): >>44382234 #>>44382266 #>>44382290 #>>44382308 #>>44382317 #>>44382433 #>>44382714 #>>44382762 #>>44383194 #>>44384358 #
1. OkayPhysicist ◴[25 Jun 25 22:40 UTC] No.44382433[source]
The GPL does not prohibit anyone from using a piece of software. It exclusively limits the actions of bad faith users. If all people engaged with FOSS in good faith, we wouldn't need licenses, because all most FOSS licenses require of the acceptors is to do a couple of small, free activities that any decent person would do anyway. Thank/give credit to the authors who so graciously allowed you to use their work, and if you make any fixes or improvements, share alike.

Security issues like this are a prime example of why all FOSS software should be at least LGPLed. If a security bug is found in FOSS library, who's the more motivated to fix it? The dude who hacked the thing together and gave it away, or the actual users? Requesting that those users share their fixes is farrr from unreasonable, given that they have clearly found great utility in the software.

replies(2): >>44382798 #>>44382937 #
2. charcircuit ◴[25 Jun 25 23:34 UTC] No.44382798[source]
GPL doesn't force people to share their fixes and improvements. And there is nothing bad faith about not sharing all your hardwork for free.
replies(1): >>44382912 #
3. OkayPhysicist ◴[25 Jun 25 23:53 UTC] No.44382912[source]
It does if you then share the resulting software. And I think if you make an improvement just for your own enjoyment, you'd be a better person if you shared it back than if you didn't.
replies(1): >>44384521 #
4. SpicyLemonZest ◴[25 Jun 25 23:57 UTC] No.44382937[source]
The GPL "does not prohibit anyone" in a narrow legalistic sense. In colloquial discussions (see e.g. https://www.gnu.org/licenses/why-not-lgpl.en.html), the Free Software Foundation is quite clear that the GPL exists to stop proprietary software developers from using your code by imposing conditions they can't satisfy.
5. ahtihn ◴[26 Jun 25 05:47 UTC] No.44384521{3}[source]
A lot of software out there runs on servers and is never shared with users in a manner that matters for GPL.
replies(1): >>44384691 #
6. jenadine ◴[26 Jun 25 06:24 UTC] No.44384691{4}[source]
That's why there is AGPL to fix that "bug"

Anyway, the GPL is there to protect final users and not the maintainer of the project. And if a software is running on someone else server, you are not the user of that software. (Although you use the service and give the data, but that's another problem)