Re: evmpl license

From: Clay Lenhart <clay_at_lenharts_dot_net>
Date: Wed Sep 10 2003 - 23:08:02 CDT

Thanks for the comments, everyone. I'm glad everyone sees the
importance of being able to audit the software.

> A text
> document describing files modified, outside of a formal revision control
> system, perfectly well satisfies our license.

This is hinting at a downside to the audit trail. It seems that it is
easy to circumvent. Just have a text file with the general ideas of
what changed.

> If I have to audit a version
> of Linux, on the other hand, I need all the help I can get. Who wrote
> this line of code, why did they say they put it there, when was it
> added and in response to what external requirement.

I am in agreement with David, that there will be a Live CD for a
computer without a hard drive. Basically we will make a Linux
distribution. Doug proposed this hypothetically, but the kernel
*should* be a part of the system that will be audited (i.e. someone could
write a mouse driver to record people's votes, which clearly would be
bad). Let's take this issue seriously and not let it pass -- there is
a lot of code to audit -- and to track. Doug's advantage (easy to audit)
and my advantage (easy to customize and more attractive to potential
users) are important due to the size of the software we will
distribute.

The scenario that I worry about is someone wants to customize the Python
code to add logos to the screens or to the printouts, then later they
want to write a Linux driver to use special hardware like a random
number generator. What we are really asking people to do is to put the
source code of the *whole* project in CVS before making any minor
change. Discouraging people from modifying the code will reduce the
number of people who make changes and later contribute the changes back
to the project. It also discourages people from using and customizing
the software. I see this restriction will make the software less
valuable to people who want to make minor changes.

I don't see a company taking the software and making major changes to
sell it. That would require them to pay for development when people
like me will do it for free. Plus, since it is GPL, I could take their
changes and include it in our project. This is not a good business
model. I think that companies will "back" the software and advise gov
agencies on using it. It looks like much of the GPL software goes this
route.

An auditor should not have any trouble determining what minor changes
took place. Major changes would throw a red flag for them anyways.
(i.e. Why are they spending so much money on development?) Currently
the license puts a burden on our "clients". We should be careful of
this.

Here is another attempt at the license:

Using the software for elections for public office or votes on public
measures is considered "distribution of software" under this agreement.
All rights and restrictions must be obeyed as if the software were
actually distributed.

-Clay

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Sep 30 23:17:02 2003
