Bonum Certa Men Certa

Free Software Licence Compliance is About Security Too

posted by Roy Schestowitz on Nov 03, 2024,
updated Nov 03, 2024

Electric Pylon at Georgia, USA.

Is security a real goal? The chief used to be Microsoft staff despite Microsoft working on back doors. Now:

Kris Borchers is a Technical Project Manager at the OpenSSF with 20 years of experience in open source and software development. He previously led GM Financial’s Open Source Program Office, focusing on risk management and community engagement. Prior to that, Kris managed technical programs at Microsoft and served as Executive Director of the JS Foundation, where he played a key role in driving innovation and growth in the open source community. He specializes in project management, stakeholder engagement, and open source strategy.

SOMEONE has pointed out to us that, in the context of the Linux Foundation (LF), "strip-mining" of Free software is also a problem for security. Under the LF they're relicensing code (now it's the Academy, according to The Register*), outsourcing it to Microsoft, and sharing it less or under more restrictive terms.

But then there's the aspect of security.

"The strip-mining of FOSS," someone has said, "leads to an alternative branch of Linux which is effectively closed source, proprietary abandonware. Once in production, proprietary abandonware remains as it was when it was shipped and thus unpatched even in the face of ongoing CVEs. Eventually some of the CVEs lead to remote exploits, the result will be falsely blamed on 'Linux' rather than the illegal, proprietary fork which was subsequently modded and then abandoned. There are *HUGE* repercussions here for embedded systems, especially routers. The inevitable result of unmaintained, closed source, proprietary on routers and switches will lead to a new form of bot net."

The Register recently ran this piece about Torvalds. "Unlike some tech bros," it said, "the world’s most famous software developer [Torvalds] sees his car as an appliance not an appendage. He reckons it runs Linux, “but I don’t touch it”."

So it's Linux as de facto proprietary off-the-shelf platform. How many of these products will be properly updated?

_____

* It also reveals that IBM has managed to scare away many users. To quote: "With the latest two versions of Rocky Linux taking 80 percent of the studio workstation market, but AlmaLinux just under 12 percent, it also rather confirms our suspicions about those projects' relative success – but that's not important right now."

Other Recent Techrights' Posts

It's FOSS? No, It's SPAM.
Another sellout
Another Massive Blow to the Web
This is awful news and it neatly relates to topics that we covered this morning
All the Latest Five Blog Posts at OSI's Blog Are Written by a Microsoft Operative Salaried by Microsoft
"Open Source" no longer means anything
 
Gemini Links 07/12/2024: Leasehold and NNTP
Links for the day
Fun Statistics About Techrights (Almost a Quarter Million Files)
Here are some raw numbers
PIP (Performance Improvement Plan) as an Instrumental But Largely Hidden (From the Public) Extra Layer of IBM's Workforce Reductions
The morale at IBM is really bad
Microsoft Money: From Bribing Bloggers to SLAPPing Bloggers
Microsoft money, different strategy?
Belgium: Windows Falls to Quarter of the Market, Mobile Devices Outsell or Overtake Desktops/Laptops on the Web
Microsoft has no operating system for 'smartphones'
Links 07/12/2024: CALEA Back Doors Backfiring, Fentanylware's (TikTok) U.S. Ban a Step Closer
Links for the day
statCounter: GNU/Linux Rises Sharply to All-Time High in Republic of South Korea
Notice how sharp the rise is!
Legacy of a Dying World Wide Web
Many people truly believe they're "stars" in social control media
Google Does Not Have a Search Engine Anymore
Google wants to "retain" users for more "screen time" and influence over their minds; it does not save you time, it's manipulating you
[Meme] Automattic: Host With Automattic, We'll Handle Our Own Complexity for You
The RHEL modus operandi (more so with systemd)
Finding Peace With Less
There seems to be a growing consensus (speaking to other editors helps confirm this) that the Web is going in a very bad direction
Links 07/12/2024: DEI Chopped by University of Michigan, French and South Korean Governments in Turmoil
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, December 06, 2024
IRC logs for Friday, December 06, 2024
Links 06/12/2024: Meal Changes and Internet Nostalgia
Links for the day
Brittany Day (linuxsecurity.com) Reposing Linux Foundation/Microsoft FUD Using LLMs, Probably Controlled by Microsoft
Plagiarised FUD by LLMs
Three Months
Next week on Tuesday our sister site turns 20.5
Links 06/12/2024: Promotion of Fake and Illegal Patent 'Court' (UPC), South Korean Strikes, and More Bailouts at Taxpayers' Expense
Links for the day
Links 06/12/2024: Alarm Raised in EU Over Meddling and Destabilisation by TikTok, Strong Criticism of 'Open'AI
Links for the day
In France, Android Skyrockets to 52%, Windows Falls to 26%
even in rich countries across Europe Windows is rapidly losing "market share"
When News Sites Become Shopping Catalogues Disguised as 'Reviews' or 'Articles'
Sometimes Fagioli uses HEY HI (AI, LLMs actually) to make 'articles' about HEY HI
[Meme] Hit and Run with SLAPP
Microsoft staff versus Techrights
[Meme] When You Go Against Corporate Front Groups and Shills of Moneyed Interests (EDRi is Microsoft-Compromised Now)
The "golden rule" is, follow the gold
The Register Exposed Many IBM Scandals, Lawsuits, and Secret Layoffs. Now IBM Pays The Register.
Hush money?
IBM Told the Media the Secret Mass Layoffs Would Carry on Till End of November, But They Still Happen This Month
"My team of 9 people had 4 regulars and 5 contractors. All contractors gone."
All the Red Flags in New Linux Foundation Report
How telling...
Gemini Links 06/12/2024: Shrinkflation and Working at Google
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, December 05, 2024
IRC logs for Thursday, December 05, 2024
[Meme] Shooting the Messenger
"you needn't refute the message, just take out the messengers"
Software Freedom Conservancy (SFC) Associate Sued Us for Publishing Perfectly Accurate Article About SFC; We Sued Them for Harassment
SFC and its associates aren't nice people
Fantastic Journalism by Brian Fagioli
A lot of today's Web, even "news" sites, is spam
Techrights Does Not Forget
Techrights has many anti-censorship mechanisms
Windows Has Fallen to All-Time Low in India
In India, only about 1 in 8 Web requests comes from Windows
Microsoft Criminals: Law Enforcement is the Real Problem
deflecting the issue and resorting to projection
[Meme] They Dropped the L (Libre and Law)
SFLC, could I borrow 75% of your letters?
Companies That the Software Freedom Conservancy (SFC) Will Censor the Community for, Using Their Very Large CoC
also exploiting poor (and sexually abused) women from eastern Europe
Software Freedom Conservancy (SFC) Has Asked a Blogger to Delete This Page About the SFC, So We Reproduce It in Full Here
Censored article
The Free Software Foundation (FSF) Has Raised More Than Three Times More Money Than the Software Freedom Conservancy (SFC), Which Mostly Gets Money From Corporations, Including Microsoft
Do not donate any money to copycat organisations. It's worse than money down the river because your money might get spent attacking and even defaming the originals.
Increasing Productivity With Less Hardware, Little Power, and Fewer CPU Cycles (and Far Less Digital Waste in General)
A lot of people who glance at our PCs (as they visit us) act a bit baffled, as much of what we're using is a bunch of terminals and some text editors
Gemini Protocol Keeps Getting Better (Less and Less Reliance on Centralised Certificate Authorities)
Reliable systems do not depend on third parties, only themselves
Why We Moved to Perl and Dumped PHP Last Year
Elongating the lifetime of the underlying stack
Links 05/12/2024: Explaining the South Korea Chaos and French PM Barnier's Government Already Disintegrating
Links for the day
Gemini Links 05/12/2024: Domain Changes, Griping With Haskell
Links for the day
Links 05/12/2024: Mass Layoffs at Microsoft's PR (Bribery of Media) Agency, UnitedHealthcare CEO Shot Dead
Links for the day
GNU/Linux news for the past day
GNU/Linux news for the past day
IRC Proceedings: Wednesday, December 04, 2024
IRC logs for Wednesday, December 04, 2024
Links 05/12/2024: Formaldehyde and Cancer, US and China Boycotting One Another
Links for the day
Gemini Links 05/12/2024: Hermeticism, Living in the Shell, and More
Links for the day
At the OSI, Microsoft Operative (Funded by Microsoft) Promotes Proprietary Software of Microsoft
The OSI is deeply corrupt. The good news is, it's barely hiding it anymore.