On Friday 12 September 2003 07:08, you wrote: > Wolfram Kleff scripsit: > > S1. You may not violate the security of this software, its ideas, > > its protocols or structures. > > Not testable. How do you know whether a change "violates the security"?
Additionally, he has failed to define "security". The traditional definitions include any number of properties that must be enforced togeather in order to insure some level of trustability as absolute trustability is not acheivable with current methods and technology. Think about it, if a system is misconfigured, do you loose your license even if the core software is "secure"? Also, given the language in S4, does it imply that when you better learn to secure an environment that you are compelled to do so for the system in which this code is running or you'll loose your license? Is your best course of action then to remain ignorant? Failing to outline what "security" means and what to breach it means should be enough to clobber this license as proposed. It is overly vague and puts onerous and un-meetable restrictions on the user as the definition of what is secure is necessarialy dependant on security target, installation environment, and configuration. Even more onerous than this, to my mind, is the requirement of a "secure processing environment" this is verifiable. S4 seems to imply that all designs from the UART design on up of the system must be public. This is not practicable in most non-governmental environments. Regards. -- Alex Russell [EMAIL PROTECTED] BD10 7AFC 87F6 63F9 1691 83FA 9884 3A15 AFC9 61B7 [EMAIL PROTECTED] F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46 -- license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3
