Interview With Jon Callas of PGP Corp 18
LogError writes "Jon Callas, one of the co-founders of the new PGP Corporation, is an innovator and an acknowledged expert in all major aspects of contemporary business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights. Read the interview at Help Net Security."
Intersting read (Score:4, Insightful)
from the article:
We haven't quite worked out the details of PGP's open source license, but here are the goals I have, pending language:
If you have a legally obtained copy of PGP, then you read, compile, modify, hack, etc. the source for that type of PGP you have, for your own purposes and not for redistribution. What I mean by this is that if you have PGP freeware (which you are using for non-commercial use), then you may do all those things with PGP freeware. If you bought a copy of the retail product, then you may do those things with the retail product or the freeware product.
Sounds to me like the Microsoft "Shared Source is Open Source, just improved" drivel. I think he mistakes open source with commercial source licenses, and I think I will stick with GPG.
Re:Intersting read (Score:2, Insightful)
Wow...three whole posts, one on topic...anyway, from the article w.r.t. being able to modify the source, but not distribute:
This isn't quite the same as what some other open source people believe constitutes "open source," but our philosophy on source is completely in line with the principles that the FSF and LPF were founded to defend -- the right to look under the hood.
I was under the impression that the FSF liked that, but felt that the main freedom of Free software was the ability to modify, and then distribute free versions, which isn't what they are allowing.
There was also talk of a Linux version -- if the source is avalible, all they have to do is ask the community (for the freeware version, anyway). Personally, I'll be sticking to GPG I think.
Re:Intersting read (Score:1)
Re:Intersting read (Score:2, Insightful)
it sounds to me like distributors won't be allowed to bundle binaries of their code. possibly not even source packages, much less unmodified source.
reading the article I see...
What is your perspective on full disclosure of vulnerabilities?
I am a proponent of full openness. I'm a proponent of published source code, so by necessity vulnerabilities will be disclosed -- just look at the differences in the source.
Sounds to me like diff files wouldn't be out of the question... I would hope that were the case at least. I have nothing against them making money on the product. As a matter of fact, I hope they make a boatload and encryption finally gets to be mainstream. But I think no source in the name of profit would be terribly limiting to development, because no source equals no trust in my book. I couldn't fully trust an encryption product that wasn't open to peer review...
Last Post! (Score:1)
pushed '1' and he just stood there... I said 'Hi, where you going?' He
said, 'Phoenix.' So I pushed Phoenix. A few seconds later the doors
opened, two tumbleweeds blew in... we were in downtown Phoenix. I looked
at him and said 'You know, you're the kind of guy I want to hang around
with.' We got into his car and drove out to his shack in the desert.
Then the phone rang. He said 'You get it.' I picked it up and said
'Hello?'... the other side said 'Is this Steven Wright?'... I said 'Yes...'
The guy said 'Hi, I'm Mr. Jones, the student loan director from your bank...
It seems you have missed your last 17 payments, and the university you
attended said that they received none of the $17,000 we loaned you... we
would just like to know what happened to the money?' I said, 'Mr. Jones,
I'll give it to you straight. I gave all of the money to my friend Slick,
and with it he built a nuclear weapon... and I would appreciate it if you never
called me again."
-- Steven Wright
- this post brought to you by the Automated Last Post Generator...