Definitely what I call "disclosed source". I doubt they'd license with an open source license, let alone accept external commits. As long as the license allows review, static analysis, debugging compilation, etc. -- i.e., things needed for technical evaluation -- that's a good thing. Right?
best, Joe On Fri Oct 4 12:02:11 2013, Karl Fogel wrote: > Petter Ericson <pett...@acc.umu.se> writes: >> So, Silent Circle (well, Silent Phone) is finally open source! > > Thank you, Petter -- it sounds like this release was a lot of hard work. > But it doesn't appear to be actually open source. At least, I couldn't > find a license file containing an open source license. Actually, I > didn't see any license file at all, so I went looking for a source file, > and the first one I found was: > > > https://github.com/SilentCircle/silent-phone-android/blob/master/src/com/silentcircle/silentphone/TiviPhoneService.java > > ...which contains this license header in a comment at the top: > > > Copyright © 2012-2013, Silent Circle, LLC. All rights reserved. > > > > Redistribution and use in source and binary forms, with or without > > modification, are permitted provided that the following conditions are > met: > > * Any redistribution, use, or modification is done solely for personal > > benefit and not for any commercial purpose or for monetary gain > > * Redistributions of source code must retain the above copyright > > notice, this list of conditions and the following disclaimer. > > * Redistributions in binary form must reproduce the above copyright > > notice, this list of conditions and the following disclaimer in the > > documentation and/or other materials provided with the distribution. > > * Neither the name Silent Circle nor the > > names of its contributors may be used to endorse or promote products > > derived from this software without specific prior written permission. > > > > [...] > > That first term is incompatible with open source (prohibition on > commercial use means it's not open source). For clarification: > http://opensource.org/faq#commercial > > Of course, I'd love to see the code switched to an open source license, > and am happy to help you choose one, if you'd like help. A good place > to start is http://opensource.org/licenses. > > Having the code visible to the world is still a gain from a security > perspective, and I don't mean to diminish that. However, "visible" is > not the same as "open source". > > Best, > Karl > >> At least, the previous version, with the next one coming "in a couple of >> weeks". >> >> This, to me, is absolutely wonderful news, as it is finally possible to get a >> proper security audit of the whole shebang. >> >> Github issue: https://github.com/SilentCircle/silent-phone-base/issues/5 >> >> The released repo: https://github.com/SilentCircle/silent-phone-android >> >> /P >> >> From: Jim Burrows <notificati...@github.com> >> Subject: Re: [silent-phone-base] Impact of ZRTP library critical security >> vulnerabilities (#5) >> To: SilentCircle/silent-phone-base <silent-phone-b...@noreply.github.com> >> Cc: pettter <pett...@acc.umu.se> >> >> @pettter, "Soon" is today, well, actually last night. >> >> We've just released the sources to Silent Phone for Android >> V1.6.5. And, yes, we released them one week after we released 1.6.6 to >> the Play Store, so they're a little bit stale, *BUT*... what delayed >> us was making sure that they were buildable from the GitHub repo >> outside our build environment. That means, assuming we got it right, >> that you can check out our repo here on GitHub, build your own APK, >> install it on your phone and run it instead of our Play Store version. >> >> And to make lemonade out of the lemons of being one release behind, we >> plan on releasing 1.6.6 in a couple of weeks, so, if you try to build >> 1.6.5 and find that we blew it somehow, you can post an issue here and >> we've already got a release planned to fix it in. >> >> I'm really sorry that "soon" took this long. It was absolutely NOT my >> plan, but this summer has been really really hectic (for obvious >> reasons) and we're a small company with limited resources. The >> slowness has really frustrated me, as has the fact that when I yell, >> "What idiot set those priorities?" each time something delayed posting >> here, the answer was always "me". I can try to blame all the Snowden, >> NSA, Prism brouhaha and the time and resource pressures it has put us >> under, but in the end, I'm the one who grits his teeth and says, "Yes, >> that's more important than the GitHub release. Make it so." >> >> I'd be happy to have you sympathize with me for the decisions I've >> faced this summer, but I absolutely would not disagree with you if you >> blamed me for the delay. I own it. >> >> Silent Phone for iOS sources, Silent Text for Android, and then Silent >> Phone for Android 1.6.6 source releases are all in the pipeline, and >> if you'll forgive me for using a word that I myself have sullied, they >> should all be here "soon". >> >> ---------- -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 j...@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
