On Trust

Over on groklaw, there's the usual Sun bashing.

webmink has an excellent writeup on the IP issues that pre-CDDL licenses fail to deal with (and, despite the current wailing by some, I bet GPL3 addresses the problem ... either in a fashion akin to the CDDL or at least inspired by it).

But putting aside all the confusion about patents, GPL and Open being synonyms, and the like, one particular quote on groklaw caught my attention:

That's what I'd say. Use it only if you trust implicitly in Sun

This immediately reminded me of the classic Turing Award paper by Ken Thompson, "Reflections on Trusting Trust" (1983).

When programmers build on top of a system, they exhibit trust. Any system with hundreds of thousands of lines of code (or worse, millions) is simply too complex for nearly any programmer to individually inspect each line for subtle security traps (and if the system is still evolving, how would they have any time to develop their application?). Open source may make it possible for someone to do their own proofs, but it's computationally infeasible.

Nor, of course, is trust limited to programming. When we get on an elevator, we exhibit trust in the manufacturer of the elevator, in the installer, in the maintainer, in the government body which audits them, etc.

In my limited experience dealing with corporate lawyers, their focus is not on "how can we cheat" or "how can we plant trapdoors in a contract" but on "how can we ensure that both sides understand what's expected of them and write it down in a mutually agreeable fashion" (no doubt there exist organizations that have other ethics; Enron comes to mind).

The CDDL seems, to this reader, to make it pretty explicit that all contributors have to not only put in code, but put into the "common" pot the appropriate rights to use and protections for the code. That strikes me as fundamentally fair and useful.

Those who think that being precise about IP issues is somehow indicative of poor ethical behavior, and who think that the GPL is the superior approach (in this regard), are exhibiting an incredible amount of trust ... in everyone that holds any software patents ... that no one will take them to task for patent infringement. When the code in question is simply shared among a small body of students, that's a pretty safe bet. But folks building multi-billion dollar businesses ought to assume that someone might not see their efforts in the same noble light.

It's sad that pointing this out, and trying to do something about it, is seen as an attack or a threat.