Subject: Re: anti/Law (an attempted explaination)...
From: Ian Lance Taylor <ian@airs.com>
Date: 14 Apr 1999 15:05:43 -0000

   Stephen J. Turnbull writes:

   [1]  In the GNU Manifesto sense, as the extreme case.  I would be
   interested to hear from anybody who thinks free software in itself
   might be undesirable for any reason, apart from the economic issues
   (development disincentives and right to economic compensation) we are
   familiar with.  The reason is that I may want to use "free software"
   as a goal or preference in itself in my models, and would like to know
   of any bad effects free software might have that would _not_ be
   captured by loss of incentive to create on the part of other
   developers.  (These would have to be added to the model as ad hoc
   external effects, for the moment.)  I can't think of any, myself.  :-)

Free software has the potential bad effect which has been cited by
sources as diverse as Microsoft and Larry McVoy: because free software
makes it possible to easily change the source code, it becomes easy to
introduce interoperability problems in network protocols and file
formats.  To put it another way, in some cases centralized control is
desirable; free software removes that control, reducing it to a sort
of honor system.

I don't really buy this argument myself, and I can't think of any
examples in which the freedom of the software led to an
incompatibility (I can think of various incompatibilities over the
years, such as the BSD interpretation of the TCP urgent pointer, but I
can't think of any that were due to free software).

However, I've seen the argument advanced several times, so it may
possibly be worth considering.


A variant of this is using free software in safety critical systems.
It becomes possible for the end user to modify the software, and thus,
through some sort of misunderstanding, inadvertently introduce bugs.
Admittedly, this is just a subset of the general case of using a
safety critical system in some inappropriate way.


Another reason that distributing source code can be bad is that it
magnifies insecurities.  Genuinely secure software is secure whether
or not you distribute source code.  For insecure software, on the
other hand, much as we all scoff at security by obscurity, it is quite
a bit better than no security at all.  Distributing the source code
eliminates the obscurity.


Similarly, distributing source simplifies third party deceptions, in
which a third party modifies the source code to introduce a security
hole, and then replaces the original code with the modified source
code.  As I recall, this actually happened once.  This sort of attack
is easier with the source code, because it is easier to introduce the
security hole.


I'm a free software supporter, by the way.  But I don't think it's an
unalloyed good; I just think the good significantly outweighs the bad.

Ian