Phillip Macey wrote:

>Actually, even if you don't release your source someone can easily re-distribute a look-alike program with trojans included. Just write a new program and mimic the user interfaces. Once the trojan is installed, bomb out with an error message. The unfortunate people who ran it will not know any better other than thinking TGP is a buggy program and not worth the bother of trying it again. How can I know that you are not releasing a program with a trojan buried within it somewhere?

Correct. How can I know the copy of [insert open source program here] isn't a modified copy or a look-alike trojan? Yes, there are authoritative sites which have hashed and signed packages, but think about the myriad of different distributions that people use and how few actual end users actually use the origin project's distribution. Most distributions have procedures to address this.

No matter where you are getting software on the internet, there is a chain of trust that is implied in the decision to obtain and rely on whatever the software is. Trust in the technical and process mechanisms for development, and packaging, and the people executing them faithfully. I am not sure the point really says anything about TGP versus any other software one might obtain.

The other thing to consider here is the userbase likely to know of and use an application like TGP. This isn't Microsoft Office. This is a specialty privacy/encryption application that has been announced to a subset of security-conscious users. This email discussion is probably at a higher level of critical use analysis than some huge proportion of software on the internet will ever get before the end user clicks download.

>Both open and closed source have their place but yours is not a good reason to be closed. For the record, I'm not trying to convince you that you should release the source. It is yours to do what you want with. You don't need a reason to keep it to yourself if that's what you want to do. I am also not trying to suggest that you are releasing a trojan or incorrect implementation (I really don't have any way to tell) ;-)

Oh, really? What *IS* a good reason to close source? I like the concept of open source.
I like the opportunity to choose from a myriad ways to license your software to a general community and potentially provide the opportunity for others with experience in other areas, and different skills and viewpoints, to make improvements on that software and potentially make those improvements available to others.

The modern open source "movement" is just that - it's almost like religion. If you, as an individual developer, make the choice to release a closed source binary, in some circles you have shown yourself to be a barbarian heathen because you have not incorporated the software freedoms that this person or that person expects. As the developer, it should be your choice to choose the model under which you intend for your application to exist in the user ecosystem. It is one thing to suggest a different model that might have benefits for an application. It is quite another to imply that one should not have the ability to make that choice simply because they are the author and do not want to use an open source model.

-W
