Bonum Certa Men Certa

Free Software Licence Compliance is About Security Too

posted by Roy Schestowitz on Nov 03, 2024,
updated Nov 03, 2024

Electric Pylon at Georgia, USA.

Is security a real goal? The chief used to be Microsoft staff despite Microsoft working on back doors. Now:

Kris Borchers is a Technical Project Manager at the OpenSSF with 20 years of experience in open source and software development. He previously led GM Financial’s Open Source Program Office, focusing on risk management and community engagement. Prior to that, Kris managed technical programs at Microsoft and served as Executive Director of the JS Foundation, where he played a key role in driving innovation and growth in the open source community. He specializes in project management, stakeholder engagement, and open source strategy.

SOMEONE has pointed out to us that, in the context of the Linux Foundation (LF), "strip-mining" of Free software is also a problem for security. Under the LF they're relicensing code (now it's the Academy, according to The Register*), outsourcing it to Microsoft, and sharing it less or under more restrictive terms.

But then there's the aspect of security.

"The strip-mining of FOSS," someone has said, "leads to an alternative branch of Linux which is effectively closed source, proprietary abandonware. Once in production, proprietary abandonware remains as it was when it was shipped and thus unpatched even in the face of ongoing CVEs. Eventually some of the CVEs lead to remote exploits, the result will be falsely blamed on 'Linux' rather than the illegal, proprietary fork which was subsequently modded and then abandoned. There are *HUGE* repercussions here for embedded systems, especially routers. The inevitable result of unmaintained, closed source, proprietary on routers and switches will lead to a new form of bot net."

The Register recently ran this piece about Torvalds. "Unlike some tech bros," it said, "the world’s most famous software developer [Torvalds] sees his car as an appliance not an appendage. He reckons it runs Linux, “but I don’t touch it”."

So it's Linux as a de facto proprietary off-the-shelf platform. How many of these products will be properly updated?

_____

* It also reveals that IBM has managed to scare away many users. To quote: "With the latest two versions of Rocky Linux taking 80 percent of the studio workstation market, but AlmaLinux just under 12 percent, it also rather confirms our suspicions about those projects' relative success – but that's not important right now."
