Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Silent Phone source code available on GitHub

Joseph Lorenzo Hall joe at cdt.org
Sat Oct 5 05:27:43 PDT 2013


Definitely what I call "disclosed source". I doubt they'd license with 
an open source license, let alone accept external commits. As long as 
the license allows review, static analysis, debugging compilation, etc. 
-- i.e., things needed for technical evaluation -- that's a good thing. 
Right?

best, Joe

On Fri Oct  4 12:02:11 2013, Karl Fogel wrote:
> Petter Ericson <pettter at acc.umu.se> writes:
>> So, Silent Circle (well, Silent Phone) is finally open source!
>
> Thank you, Petter -- it sounds like this release was a lot of hard work.
> But it doesn't appear to be actually open source.  At least, I couldn't
> find a license file containing an open source license.  Actually, I
> didn't see any license file at all, so I went looking for a source file,
> and the first one I found was:
>
>   https://github.com/SilentCircle/silent-phone-android/blob/master/src/com/silentcircle/silentphone/TiviPhoneService.java
>
> ...which contains this license header in a comment at the top:
>
>   > Copyright © 2012-2013, Silent Circle, LLC. All rights reserved.
>   >
>   > Redistribution and use in source and binary forms, with or without
>   > modification, are permitted provided that the following conditions are met:
>   > * Any redistribution, use, or modification is done solely for personal
>   > benefit and not for any commercial purpose or for monetary gain
>   > * Redistributions of source code must retain the above copyright
>   > notice, this list of conditions and the following disclaimer.
>   > * Redistributions in binary form must reproduce the above copyright
>   > notice, this list of conditions and the following disclaimer in the
>   > documentation and/or other materials provided with the distribution.
>   > * Neither the name Silent Circle nor the
>   > names of its contributors may be used to endorse or promote products
>   > derived from this software without specific prior written permission.
>   >
>   > [...]
>
> That first term is incompatible with open source (prohibition on
> commercial use means it's not open source).  For clarification:
> http://opensource.org/faq#commercial
>
> Of course, I'd love to see the code switched to an open source license,
> and am happy to help you choose one, if you'd like help.  A good place
> to start is http://opensource.org/licenses.
>
> Having the code visible to the world is still a gain from a security
> perspective, and I don't mean to diminish that.  However, "visible" is
> not the same as "open source".
>
> Best,
> ­Karl
>
>> At least, the previous version, with the next one coming "in a couple of weeks".
>>
>> This, to me, is absolutely wonderful news, as it is finally possible to get a
>> proper security audit of the whole shebang.
>>
>> Github issue: https://github.com/SilentCircle/silent-phone-base/issues/5
>>
>> The released repo: https://github.com/SilentCircle/silent-phone-android
>>
>> /P
>>
>> From: Jim Burrows <notifications at github.com>
>> Subject: Re: [silent-phone-base] Impact of ZRTP library critical security vulnerabilities (#5)
>> To: SilentCircle/silent-phone-base <silent-phone-base at noreply.github.com>
>> Cc: pettter <pettter at acc.umu.se>
>>
>> @pettter, "Soon" is today, well, actually last night.
>>
>> We've just released the sources to Silent Phone for Android
>> V1.6.5. And, yes, we released them one week after we released 1.6.6 to
>> the Play Store, so they're a little bit stale, *BUT*... what delayed
>> us was making sure that they were buildable from the GitHub repo
>> outside our build environment. That means, assuming we got it right,
>> that you can check out our repo here on GitHub, build your own APK,
>> install it on your phone and run it instead of our Play Store version.
>>
>> And to make lemonade out of the lemons of being one release behind, we
>> plan on releasing 1.6.6 in a couple of weeks, so, if you try to build
>> 1.6.5 and find that we blew it somehow, you can post an issue here and
>> we've already got a release planned to fix it in.
>>
>> I'm really sorry that "soon" took this long. It was absolutely NOT my
>> plan, but this summer has been really really hectic (for obvious
>> reasons) and we're a small company with limited resources. The
>> slowness has really frustrated me, as has the fact that when I yell,
>> "What idiot set those priorities?" each time something delayed posting
>> here, the answer was always "me". I can try to blame all the Snowden,
>> NSA, Prism brouhaha and the time and resource pressures it has put us
>> under, but in the end, I'm the one who grits his teeth and says, "Yes,
>> that's more important than the GitHub release. Make it so."
>>
>> I'd be happy to have you sympathize with me for the decisions I've
>> faced this summer, but I absolutely would not disagree with you if you
>> blamed me for the delay. I own it.
>>
>> Silent Phone for iOS sources, Silent Text for Android, and then Silent
>> Phone for Android 1.6.6 source releases are all in the pipeline, and
>> if you'll forgive me for using a word that I myself have sullied, they
>> should all be here "soon".
>>
>> ----------

--
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe at cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8






More information about the liberationtech mailing list