[Asterisk-Security] Supporting security list

Joey Kelly joey at joeykelly.net
Sun Aug 7 16:38:16 CDT 2005


> NAI had suspended the long-standing tradition of publishing PGP source code
> for peer review, a reckless move that eroded public confidence in the
> product. The new PGP Corp has reinstated this tradition, which allows
> anyone to download and inspect the PGP source code for bugs, and also shows
> that it has no back doors. And they still offer freeware versions for
> noncommercial use.

Great. Fantastic. Peer-reviewed software is guaranteed to be of higher quality 
than software whose source code is hidden away. But this is NOT the same as 
free software. The software is still proprietary and still non-free.

> From the beginning of PGP, there have always been freeware versions
> available for noncommercial use, and that is still true today. But bear in
> mind that if too many people just use the freeware without upgrading to a
> paid-for version, the engineers that develop PGP will have to find other
> work to feed their families. PGP suffered a near-death experience at the
> hands of NAI, and now has a new chance for life with PGP Corp. If you want
> PGP to survive this time around, you'd better ante up and pay your dues.
> You may have a constitutional right to use crypto software, but someone has
> to pay the developers. Free Speech is not the same as Free Beer.

Again, PGP is NOT free software. "Free for noncommercial use" is not 
acceptable when it comes to interacting with Asterisk. Asterisk is licensed 
under the GPL, and therefore is incompatible for use with software that is 
licensed in a restrictive fashion, such as PGP.

Let's say for the sake of argument that we do decide to use PGP somehow to 
interface with IAX or SIP for encryption purposes. I would venture to say 
that probably half the Asterisk installations (I'm not talking about such 
projects as Asterisk at Home here) reside in the commercial domain. None of 
these installations would be allowed to use PGP, unless a license costing 
hundreds or thousands of dollars were purchased for each install. Where does 
that leave us? Where does it leave Digium?

Sorry to be pedantic, but mixing free and non-free software is not going to 
work, from both a legal standpoint and a practical one.

-- 
Joey Kelly
< Minister of the Gospel | Linux Consultant >
http://joeykelly.net

"I may have invented it, but Bill made it famous."
 --- David Bradley, the IBM employee that invented CTRL-ALT-DEL