Free Software Licence Compliance is About Security Too

posted by Roy Schestowitz on Nov 03, 2024, updated Nov 03, 2024

Electric Pylon at Georgia, USA.

Is security a real goal? The chief used to be Microsoft staff despite Microsoft working on back doors. Now:

Kris Borchers is a Technical Project Manager at the OpenSSF with 20 years of experience in open source and software development. He previously led GM Financial’s Open Source Program Office, focusing on risk management and community engagement. Prior to that, Kris managed technical programs at Microsoft and served as Executive Director of the JS Foundation, where he played a key role in driving innovation and growth in the open source community. He specializes in project management, stakeholder engagement, and open source strategy.

SOMEONE has pointed out to us that, in the context of the Linux Foundation (LF), "strip-mining" of Free software is also a problem for security. Under the LF they're relicensing code (now it's the Academy, according to The Register*), outsourcing it to Microsoft, and sharing it less or under more restrictive terms.

But then there's the aspect of security.

"The strip-mining of FOSS," someone has said, "leads to an alternative branch of Linux which is effectively closed source, proprietary abandonware. Once in production, proprietary abandonware remains as it was when it was shipped and thus unpatched even in the face of ongoing CVEs. Eventually some of the CVEs lead to remote exploits, the result will be falsely blamed on 'Linux' rather than the illegal, proprietary fork which was subsequently modded and then abandoned. There are *HUGE* repercussions here for embedded systems, especially routers. The inevitable result of unmaintained, closed source, proprietary on routers and switches will lead to a new form of bot net."

The Register recently ran this piece about Torvalds. "Unlike some tech bros," it said, "the world’s most famous software developer [Torvalds] sees his car as an appliance not an appendage. He reckons it runs Linux, “but I don’t touch it”."

So it's Linux as a de facto proprietary off-the-shelf platform. How many of these products will be properly updated?

_____

* It also reveals that IBM has managed to scare away many users. To quote: "With the latest two versions of Rocky Linux taking 80 percent of the studio workstation market, but AlmaLinux just under 12 percent, it also rather confirms our suspicions about those projects' relative success – but that's not important right now."
