Re: Hypothetical LaTeX security holes
On Wed, 17 Jul 2002, Joe Moore wrote:
> According to the LPPL (as I read it), Debian does not have the right to
> change latex.ltx without renaming it (latex.ltx? or the whole program?), and
> the LaTeX maintainers may have little interest in fixing an "obscure bug"
> that only affects a small set of users.
Doesn't matter.
The ability to fix bugs is not sufficient for software to be free, so
whether there could be bugs that need fixing is a bit irrelevant. Maybe I
want to add or remove a feature, or otherwise make it fit my needs.
In order to be free, it must allow exactly what LPPL seems designed to
prevent. A Debian user can take LaTeX, make it behave differently than
the original, (including producing different output), and distribute the
result.
If I can't call it latex, fine. I'll call it latex-improved and set up
the scripts that invoke it to use that by default. If I can't do that,
then it's not free.
If the latex folk are looking for sections of DFSG to comply with,
DFSG 3 is the one. It must allow modifications. Not "bugfixes", not
"modifications that the author approves", not even "modifications that
pass a test suite".
If I want to distribute a system based on latex that prints a tiny nude
picture of Ernest Borgnine instead of a period, this must be allowed by a
free license.
DFSG 4 does not override this, it's a suggestion of a way to allow such
modifications while enforcing the ability of a recipient to reconstruct
the original if she doesn't like the modifications. It's not necessary
IMO because she can ALREADY just get the original package from the source
in almost all cases.
I'm all for discouraging modification to a work, especially one like latex
which is already extensible and stable. But it cannot be disallowed, and
where possible the recommendation should be seperate from the license.
--
Mark Rafn dagon@dagon.net <http://www.dagon.net/>
--
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: