Publishing exploits in retaliation to GPL violators?

Kevin P. Fleming kevin at kpfleming.us
Tue Jan 2 17:41:21 UTC 2018


I don't see how this is likely to lead them to compliance.

On Tue, Jan 2, 2018 at 12:05 PM, John Sullivan <johns at fsf.org> wrote:
> "Bradley M. Kuhn" <bkuhn at sfconservancy.org> writes:
>
>> While I understand and empathize with Jon Sawyer's frustrations with an
>> intransigent GPL violator as described here:
>> https://twitter.com/jcase/status/947927262443094016 ...
>>
>> ... my initial reaction was that this doesn't fit the Principles of
>> Community-Oriented GPL Enforcement.  What do others think?
>>
>> I also wonder if "publishing a code exploit as retaliation to
>> non-responsiveness from a violator" is merely a special case of
>> "Confidentiality can increase receptiveness and responsiveness."?
>>
>> Do folks think this issue should be mentioned explicitly in the Principles,
>> or is it rare enough that it can be assumed to be included by implication of
>> the existing Principles text?
>
> Yeah, similar to GPL enforcement principles, exploit disclosures should
> also follow certain principles, so I wonder if he followed those (i.e.
> told the company about the exploit privately).
>
> My initial thought is that it's covered well enough by existing text
> (both by the confidentiality principle and by the first "no other goal
> should supersede" principle since there seems to be a goal of
> embarrassing the company / causing economic damage to them being
> prioritized here).
>
> But curious what others think.
>
> -john
>
> --
> John Sullivan | Executive Director, Free Software Foundation
> GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
> https://status.fsf.org/johns | https://fsf.org/blogs/RSS
>
> Do you use free software? Donate to join the FSF and support freedom at
> <https://my.fsf.org/join>.
> _______________________________________________
> Principles-discuss mailing list
> Principles-discuss at sfconservancy.org
> https://lists.sfconservancy.org/mailman/listinfo/principles-discuss

