Free Software Licence Compliance is About Security Too
Is security a real goal? The chief used to be Microsoft staff despite Microsoft working on back doors. Now:
SOMEONE has pointed out to us that, in the context of the Linux Foundation (LF), "strip-mining" of Free software is also a problem for security. Under the LF they're relicensing code (now it's the Academy, according to The Register*), outsourcing it to Microsoft, and sharing it less or under more restrictive terms.
But then there's the aspect of security.
"The strip-mining of FOSS," someone has said, "leads to an alternative branch of Linux which is effectively closed source, proprietary abandonware. Once in production, proprietary abandonware remains as it was when it was shipped and thus unpatched even in the face of ongoing CVEs. Eventually some of the CVEs lead to remote exploits, the result will be falsely blamed on 'Linux' rather than the illegal, proprietary fork which was subsequently modded and then abandoned. There are *HUGE* repercussions here for embedded systems, especially routers. The inevitable result of unmaintained, closed source, proprietary on routers and switches will lead to a new form of bot net."
The Register recently ran this piece about Torvalds. "Unlike some tech bros," it said, "the world’s most famous software developer [Torvalds] sees his car as an appliance not an appendage. He reckons it runs Linux, “but I don’t touch it”."
So it's Linux as de facto proprietary off-the-shelf platform. How many of these products will be properly updated? █
_____
* It also reveals that IBM has managed to scare away many users. To quote: "With the latest two versions of Rocky Linux taking 80 percent of the studio workstation market, but AlmaLinux just under 12 percent, it also rather confirms our suspicions about those projects' relative success – but that's not important right now."