[ckan-dev] About the impact of AGPL License of CKAN on CKAN extensions

Ricardo Pinho ricardodepinho at gmail.com
Thu Oct 25 18:19:36 UTC 2018


Dear Bradley,
> I do agree with you on the open spirit.

It's not about spirit, it's about doing things right and in a better way!

> The concern is *about the possible security issue* because of disclosing
> the code of its specific Ckan extensions,
> and the other pieces of its software that use Ckan APIs to interact with
> Ckan.

"*Open source is less secure*" is at the top of the lists of myths about
open source.
https://www.totaralms.com/blog/10-common-myths-about-open-source

It's false and has been proved to be exactly the opposite! You can ask
Oracle, IBM, etc.
If you rely on the code being secret to guarantee its security... you are
doomed!
If you open the code of your Ckan extensions you will have to make it more
secure, and will benefit from others easily identifying possible backdoors.
Have you ever heard about "Linus's Law"?
"given enough eyeballs, all bugs are shallow"
<https://en.wikipedia.org/wiki/Linus%27s_Law>

Another example:
*Do you use WhatsApp*, like millions of people?
Don't, it's closed source with many security issues!
Use Telegram, open source, with proven encryption security algorithms...
https://telegra.ph/whatsapp-backdoor-01-16
https://telegra.ph/Why-Isnt-Telegram-End-to-End-Encrypted-by-Default-08-14

Hope this can be of any help!
Cheers,
Ricardo

zonghuanwu <zonghuanwu at huawei.com> wrote on Thursday, 25/10/2018 at
15:27:

> Dear Ricardo,
>
> Thank you. I do agree with you on the open spirit.
>
> However, the company’s concern is not about disclosing the modified code
> of Ckan.  The concern is about the possible security issue because of
> disclosing the code of its specific Ckan extensions, and the other pieces
> of its software that use Ckan APIs to interact with Ckan.
>
> Thank you,
>
> Bradley
>
> *From:* ckan-dev [mailto:ckan-dev-bounces at lists.okfn.org] *On Behalf Of* Ricardo Pinho
> *Sent:* Wednesday, October 24, 2018 4:49 PM
> *To:* ckan-dev at lists.okfn.org
> *Subject:* Re: [ckan-dev] About the impact of AGPL License of CKAN on
> CKAN extensions
>
> Hi,
>
> If the authors of this amazing solution, CKAN, chose the AGPL license, the
> strongest copyleft GNU license, it was because they were committed to making
> available the complete source code of licensed works and modifications under
> the same license.
>
> I must advise you to read this to understand and change your mind about
> using proprietary licenses!
>
> https://www.gnu.org/licenses/why-affero-gpl.html
>
>
> *But suppose the program is mainly useful on servers. When D modifies the
> program, he might very likely run it on his own server and never release
> copies. Then you would never get a copy of the source code of his version,
> so you would never have the chance to include his changes in your version.
> You may not like that outcome. Using the GNU Affero GPL avoids that
> outcome. If D runs his version on a server that everyone can use, you too
> can use it. Assuming he has followed the license requirement to let the
> server's users download the source code of his version, you can do so, and
> then you can incorporate his changes into your version. (If he hasn't
> followed it, you have your lawyer complain to him.)*
>
>
>
> https://choosealicense.com/licenses/agpl-3.0/
>
> *Permissions of this strongest copyleft license are conditioned on making
> available complete source code of licensed works and modifications, which
> include larger works using a licensed work, under the same license.
> Copyright and license notices must be preserved. Contributors provide an
> express grant of patent rights. When a modified version is used to provide
> a service over a network, the complete source code of the modified version
> must be made available.*
>
> https://en.wikipedia.org/wiki/Affero_General_Public_License
>
> *The GNU Affero General Public License is designed specifically to ensure
> that, in such cases, the modified source code becomes available to the
> community. It requires the operator of a network server to provide the
> source code of the modified version running there to the users of that
> server. Therefore, public use of a modified version, on a publicly
> accessible server, gives the public access to the source code of the
> modified version.*
>
> If we believe and want to live in an Open World, we must believe there is
> no place for proprietary licenses!
>
> https://openrevolution.net/
>
> https://www.youtube.com/watch?v=gevj7sa6ZAg&t=45
>
>
>
> Cheers.
>
>
>
> zonghuanwu <zonghuanwu at huawei.com> wrote on Wednesday, 24/10/2018
> at 07:30:
>
> Will the CKAN AGPL License restrict third party CKAN extensions to be
> open-source?
>
>
>
> In other words, can a third-party CKAN extension be proprietary?
>
>
>
> Thank you in advance for the help,
>
>
>
> Bradley
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
>
> --
>
> Ricardo Pinho


-- 
Ricardo Pinho