Open sourcing an encryption software

Discussion in 'privacy technology' started by ResoMail, Jul 21, 2009.

Thread Status:
Not open for further replies.
  1. ResoMail

    ResoMail Registered Member

    Joined:
    Jul 19, 2009
    Posts:
    27
    What is the best way to publish sources for encryption software?

    Is a version control system a must or I can publish just an archive with source files? Should I pack all the needed libraries in that archive or it will make it bloated?

    I've been thinking of using http://sourceforge.net/ but it seems that a lot of cryptographic products don't use it (for example http://bouncycastle.org/ and TrueCrypt) and TrueCrypt had used it some time ago but now just publishes an archive with source code, are there any pitfalls in using sourceforge or similar services?

    Also I'm concerned about acceptable license, I want to use something like LGPL but with exception that nobody can change, add or remove the root certificates. Will it be still accepted as open source license by sites like sourceforge?
     
  2. DesignSecure

    DesignSecure Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    4
    Actually - truecrypt don't use sourceforge at all - their "project page" on it just redirects to their WWW site now.

    If they did use sourceforge, as opposed to having it as just a "shop front", it would be possible to get earlier versions of their software and so comparisons to see what's changed.

    They do have the distrubing habbit of removing all trace of of the previous release when they put out a new version -almost as though they don't want anyone to carry out a diff between releases?!!

    None that I can see...

    If you don't mind me asking, why the LGPL? Seems like an odd choice these days - even GNU don't really recommend it?

    Not likely - the whole point behind open source is that anyone with a copy of your source can do pretty much what they want with it - and you're looking to close it down?

    IIRC, that means the GPLv3 is out for you - though I can understand why you wouldn't want people to change certificates; this opens the door to letting people misrepresent things quite badly...
     
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,950
    Location:
    U.S.A.
    DesignSecure, while it's true that TC is using their own site to host their programs, they do provide 3 Past Versions (4.3a, 5.1a, 6.1a) of their software.

    For all versions, including release Change Logs, FileHippo is the place to go!
     
  4. ResoMail

    ResoMail Registered Member

    Joined:
    Jul 19, 2009
    Posts:
    27
    I thought that may be there are some limitation in hosting cryptography software there, based on it being hosted in US?
    I want people to be able to use it as a library in their program without restrictions, at the same time keeping it open source. Why LGPL is bad for this and what is better?
    Yeah, and I'm still looking for the acceptable solution. I've seen there are products out with open source licenses with exceptions, but I'm not sure which exceptions are acceptable.
     
Loading...
Thread Status:
Not open for further replies.