Subject: Re: JBoss aquired by Red Hat
From: Thomas Lord <lord@emf.net>
Date: Thu, 27 Apr 2006 10:57:08 -0700

 > Maybe I'm having a slow morning... but I've read this three times, and I
 > still don't understand. [....]

I'll just try again, once, from scratch.

Why would the government want to use, say, GPL for some software work
that is initially secret?    What's the benefit to the government?   
After all,
only the gov't itself and third party suppliers it hires subject to 
clearance laws
are going to work on this code.   Why does it need this kind of license?

The gov't might not need that kind of license in all cases but I can 
think of one case
where it's a good idea: the case of a derived work which starts from already
GPLed sources.

To make up an example:

The gov't includes the NSA which is ultimately under the direction of 
the president
-- we're talking about what the executive branch of the gov't is going 
to do.

Let's suppose that the NSA decides: "We would like a version of the 
Linux kernel
but with some new security features added.   For reasons X, Y, and Z, we 
think
it important that these new features be developed in secret."

The NSA finds that the best way to do this work is to hire some third 
parties -- companies
that do secret work.   Why should the NSA require that the work they get 
back is
under the GPL?   At least two reasons (I only mentioned one in the 
original reply).

One reason is so that the executive branch can later decide to release 
the result
publicly without any additional concern about the copyright of third party
additions.   The executive branch could, under some dire circumstances, 
probably
do this anyway.   Or the NSA could negotiate complex contracts with the 
suppliers
that would expand the executive branch's power to do this.   But the 
simplest and
most efficient thing is just to say from day one that, although 
initially secret, this
code is available to the government under GPL licensing.

Another reason has to do with cooperation among multiple 3rd party 
suppliers,
all separately hired to help the NSA.   While each is constrained 
against public
disclosure by secrecy laws, the GPL gives them a simple system of rights for
cooperating among themselves.   The lowered transaction costs of open source
processes are easier to achieve.

Clearer?

-t



 

Anderson, Kelly wrote:
>> Anderson, Kelly wrote:
>>     
>>> Explain to me the benefit to the government of internally 
>>>       
>> putting an 
>>     
>>> open source license (any open source licence) on sensitive military 
>>> software that it sounds like is already being shared amongst the 
>>> legitimate players?
>>>
>>>   
>>>       
>> One interesting case is the case of derived works.
>>
>> Let's suppose that the NSA wants to make some Secret additions to the
>> Linux kernel.   They have some suppliers with clearance who can
>> prepare these changes.
>>
>> Therefore, the suppliers create the derived work and now NSA has
>> a GPLed result.   Without needing any kind of special 
>> executive authority
>> or special act of contract, the executive has the right to 
>> use the program freely, study the source, and modify it.
>>
>> If next year, the executive decides "this needs to be made 
>> public", the NSA has the right to publicly distribute the 
>> code even with the vendor additions.
>>     
>
> Maybe I'm having a slow morning... but I've read this three times, and I
> still don't understand. What is the benefit to the government? Who is
> the "executive"? Are they related to the "supplier"? I'm sorry... I just
> honestly don't understand the example.
>
> -Kelly
>
>
>
>
>
> E-Mail messages may contain viruses, worms, or other malicious code. By reading the
message and opening any attachments, the recipient accepts full responsibility for taking
protective action against such code. Sender is not liable for any loss or damage arising
from this message.
>
> The information in this e-mail is confidential and may be legally privileged. It is
intended solely for the addressee(s). Access to this e-mail by anyone else is unauthorized.
>
>
>