Petter Ericson <[email protected]> writes:
>So, Silent Circle (well, Silent Phone) is finally open source!

Thank you, Petter -- it sounds like this release was a lot of hard work.

But it doesn't appear to be actually open source. At least, I couldn't
find a license file containing an open source license. Actually, I
didn't see any license file at all, so I went looking for a source
file, and the first one I found was:

https://github.com/SilentCircle/silent-phone-android/blob/master/src/com/silentcircle/silentphone/TiviPhoneService.java

...which contains this license header in a comment at the top:

> Copyright © 2012-2013, Silent Circle, LLC. All rights reserved.
>
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions are met:
> * Any redistribution, use, or modification is done solely for personal
> benefit and not for any commercial purpose or for monetary gain
> * Redistributions of source code must retain the above copyright
> notice, this list of conditions and the following disclaimer.
> * Redistributions in binary form must reproduce the above copyright
> notice, this list of conditions and the following disclaimer in the
> documentation and/or other materials provided with the distribution.
> * Neither the name Silent Circle nor the
> names of its contributors may be used to endorse or promote products
> derived from this software without specific prior written permission.
>
> [...]

That first term is incompatible with open source (prohibition on
commercial use means it's not open source). For clarification:

http://opensource.org/faq#commercial

Of course, I'd love to see the code switched to an open source
license, and am happy to help you choose one, if you'd like help. A
good place to start is http://opensource.org/licenses.

Having the code visible to the world is still a gain from a security
perspective, and I don't mean to diminish that. However, "visible" is
not the same as "open source".

Best,
Karl

>At least, the previous version, with the next one coming "in a couple of
>weeks".
>
>This, to me, is absolutely wonderful news, as it is finally possible to get a
>proper security audit of the whole shebang.
>
>Github issue: https://github.com/SilentCircle/silent-phone-base/issues/5
>
>The released repo: https://github.com/SilentCircle/silent-phone-android
>
>/P
>
>From: Jim Burrows <[email protected]>
>Subject: Re: [silent-phone-base] Impact of ZRTP library critical security
>vulnerabilities (#5)
>To: SilentCircle/silent-phone-base <[email protected]>
>Cc: pettter <[email protected]>
>
>@pettter, "Soon" is today, well, actually last night.
>
>We've just released the sources to Silent Phone for Android
>V1.6.5. And, yes, we released them one week after we released 1.6.6 to
>the Play Store, so they're a little bit stale, *BUT*... what delayed
>us was making sure that they were buildable from the GitHub repo
>outside our build environment. That means, assuming we got it right,
>that you can check out our repo here on GitHub, build your own APK,
>install it on your phone and run it instead of our Play Store version.
>
>And to make lemonade out of the lemons of being one release behind, we
>plan on releasing 1.6.6 in a couple of weeks, so, if you try to build
>1.6.5 and find that we blew it somehow, you can post an issue here and
>we've already got a release planned to fix it in.
>
>I'm really sorry that "soon" took this long. It was absolutely NOT my
>plan, but this summer has been really really hectic (for obvious
>reasons) and we're a small company with limited resources. The
>slowness has really frustrated me, as has the fact that when I yell,
>"What idiot set those priorities?" each time something delayed posting
>here, the answer was always "me".
>I can try to blame all the Snowden,
>NSA, Prism brouhaha and the time and resource pressures it has put us
>under, but in the end, I'm the one who grits his teeth and says, "Yes,
>that's more important than the GitHub release. Make it so."
>
>I'd be happy to have you sympathize with me for the decisions I've
>faced this summer, but I absolutely would not disagree with you if you
>blamed me for the delay. I own it.
>
>Silent Phone for iOS sources, Silent Text for Android, and then Silent
>Phone for Android 1.6.6 source releases are all in the pipeline, and
>if you'll forgive me for using a word that I myself have sullied, they
>should all be here "soon".
>
>----------
