Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Silent Phone source code available on GitHub

Joseph Lorenzo Hall joe at
Sat Oct 5 05:27:43 PDT 2013

Definitely what I call "disclosed source". I doubt they'd license with 
an open source license, let alone accept external commits. As long as 
the license allows review, static analysis, debugging compilation, etc. 
-- i.e., things needed for technical evaluation -- that's a good thing. 

best, Joe

On Fri Oct  4 12:02:11 2013, Karl Fogel wrote:
> Petter Ericson <pettter at> writes:
>> So, Silent Circle (well, Silent Phone) is finally open source!
> Thank you, Petter -- it sounds like this release was a lot of hard work.
> But it doesn't appear to be actually open source.  At least, I couldn't
> find a license file containing an open source license.  Actually, I
> didn't see any license file at all, so I went looking for a source file,
> and the first one I found was:
> ...which contains this license header in a comment at the top:
>   > Copyright © 2012-2013, Silent Circle, LLC. All rights reserved.
>   >
>   > Redistribution and use in source and binary forms, with or without
>   > modification, are permitted provided that the following conditions are met:
>   > * Any redistribution, use, or modification is done solely for personal
>   > benefit and not for any commercial purpose or for monetary gain
>   > * Redistributions of source code must retain the above copyright
>   > notice, this list of conditions and the following disclaimer.
>   > * Redistributions in binary form must reproduce the above copyright
>   > notice, this list of conditions and the following disclaimer in the
>   > documentation and/or other materials provided with the distribution.
>   > * Neither the name Silent Circle nor the
>   > names of its contributors may be used to endorse or promote products
>   > derived from this software without specific prior written permission.
>   >
>   > [...]
> That first term is incompatible with open source (prohibition on
> commercial use means it's not open source).  For clarification:
> Of course, I'd love to see the code switched to an open source license,
> and am happy to help you choose one, if you'd like help.  A good place
> to start is
> Having the code visible to the world is still a gain from a security
> perspective, and I don't mean to diminish that.  However, "visible" is
> not the same as "open source".
> Best,
> ­Karl
>> At least, the previous version, with the next one coming "in a couple of weeks".
>> This, to me, is absolutely wonderful news, as it is finally possible to get a
>> proper security audit of the whole shebang.
>> Github issue:
>> The released repo:
>> /P
>> From: Jim Burrows <notifications at>
>> Subject: Re: [silent-phone-base] Impact of ZRTP library critical security vulnerabilities (#5)
>> To: SilentCircle/silent-phone-base <silent-phone-base at>
>> Cc: pettter <pettter at>
>> @pettter, "Soon" is today, well, actually last night.
>> We've just released the sources to Silent Phone for Android
>> V1.6.5. And, yes, we released them one week after we released 1.6.6 to
>> the Play Store, so they're a little bit stale, *BUT*... what delayed
>> us was making sure that they were buildable from the GitHub repo
>> outside our build environment. That means, assuming we got it right,
>> that you can check out our repo here on GitHub, build your own APK,
>> install it on your phone and run it instead of our Play Store version.
>> And to make lemonade out of the lemons of being one release behind, we
>> plan on releasing 1.6.6 in a couple of weeks, so, if you try to build
>> 1.6.5 and find that we blew it somehow, you can post an issue here and
>> we've already got a release planned to fix it in.
>> I'm really sorry that "soon" took this long. It was absolutely NOT my
>> plan, but this summer has been really really hectic (for obvious
>> reasons) and we're a small company with limited resources. The
>> slowness has really frustrated me, as has the fact that when I yell,
>> "What idiot set those priorities?" each time something delayed posting
>> here, the answer was always "me". I can try to blame all the Snowden,
>> NSA, Prism brouhaha and the time and resource pressures it has put us
>> under, but in the end, I'm the one who grits his teeth and says, "Yes,
>> that's more important than the GitHub release. Make it so."
>> I'd be happy to have you sympathize with me for the decisions I've
>> faced this summer, but I absolutely would not disagree with you if you
>> blamed me for the delay. I own it.
>> Silent Phone for iOS sources, Silent Text for Android, and then Silent
>> Phone for Android 1.6.6 source releases are all in the pipeline, and
>> if you'll forgive me for using a word that I myself have sullied, they
>> should all be here "soon".
>> ----------

Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe at
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8

More information about the liberationtech mailing list