On 10/11/2012 09:15 AM, Nadim Kobeissi wrote: > James, you can charge for a service and leave it as open source > software. This has been done countless times over the years and has > functioned successfully. I am not against Silent Circle costing money - > I'm against it being closed source software.
The problem is that if you have an enterprise focus, you can't sell a service, you have to sell software. Serviced-based models have certainly made inroads into the enterprise, but they still want to host security-focused stuff themselves (even if it's encrypted end-to-end). It's hard to sell an expensive site license for your software if the software is freely available. In general, I'm not actually convinced that OSS is a necessity for secure communication tools. Protocols can generally be verified on the wire, and unfortunately, the number of people who are going to be able to look at software-based cryptography and find vulnerabilities is very small -- and two of them put their names behind Silent Circle. It's certainly great if secure communication tools are open source, but I think that I'd gladly trade OSS for tools that are crisp, incredibly well polished, accessible, and a joy to use. Not that they're necessarily mutually exclusive, and not that we're necessarily going to get that here. Much has been made about the fact that Phil Z and Jon Callas are responsible for this effort, but the cryptography is the easy part. I'd be much more interested if some really great software developers or designers were starting a secure communications company. - moxie -- http://www.thoughtcrime.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
