Re: [CA cert] Bet

[Nathan Reilly <nathan AT bbuzzed.cx>]

On 08/08/2004, at 7:40 PM, Duane wrote:

> Greg Black wrote:
>
> > I can't believe you're seriously asking this if you are supposed
> > to know something about security software.  Anyway, for a first
> > clue, try Bruce Schneier's Crypto_gram article:
>
> Ok let me reiterate, since my previous statement seems to have been a 
> little too subtle for some...
>
> > Apart from peer review can anyone bleating for code to be open 
> > sourced give me a factual benefit in doing so...
>
> _Note_ the *peer review* statement in the middle of my sentence...

Exactly.

From http://www.pgp.com/products/sourcecode.html you will find a link 
to their license agreement for source distribution 
(http://www.pgp.com/products/sourcecode_license.html)


1. What You Can Do. Under this license, you have the right to:

	a.  	download the PGP source code files and make a reasonable number 
of copies on a single computer as necessary to exercise the rights 
granted below;
	b.  	 review the source code in these source code files in order to 
verify that there are no unknown vulnerabilities or the like and in 
order to make your own assessment of the security features of PGP 
software;
	c.  	 compile the source code for each PGP software program into an 
executable code version of the program;
	d.  	 run the executable code version on one computer solely in order 
to assist in your testing and cryptographic analysis of the security 
features of the PGP software; and
	e.  	 modify the source code in the course of exercising the rights 
granted above.


2.  What You Cannot Do. Under this license you do not have the right 
to, and you may not:
        a.      modify the source code beyond what is allowed above;
        b.      make copies of the source code files beyond what is allowed 
above;
	c.  	remove or alter any notices in the source code files relating to 
patents, copyrights, trademarks, or other proprietary rights;
	d.  	give (meaning sell, loan, distribute, or transfer) the source 
code files to anyone else (unless you are downloading the source code 
files in the course of performing duties for your employer, in which 
case you can share the source code files with fellow employees as long 
as you dont make additional copies and otherwise comply with these 
license terms  if this seems overly restrictive, remember that other 
people who want to have access to these source code files can also come 
to the PGP web site to download them, but for important legal reasons 
we need to require that each copy of the source code be obtained 
directly from PGP);
	e.  	 use executable code versions of PGP software programs created by 
compiling these source code files for any purpose or reason other than 
verifying that there are no unknown vulnerabilities or the like or 
otherwise making your own assessment of the integrity of the source 
code and the security features of the PGP software; or
	f.  	give (meaning sell, loan, distribute, or transfer) any executable 
code version of PGP software programs to anyone else.

What more do you need?