[wplug] GNU GPL License

Tom Grove tom.grove at nepinc.com
Wed Oct 14 13:54:32 EDT 2009


On Oct 14, 2009, at 1:03 PM, Bruno Pierri Galvao wrote:

> Point well taken. I was using eBay as an example. The idea is to  
> develop a business-to-business marketplace such as alibaba.com but  
> with added functionality. We thought it was going to take us much  
> longer because we were going to code the b2b marketplace from  
> scratch but on Sept. 30, 2009 the first open source b2b marketplace  
> was launched (phpb2b). We did not want to reinvent the wheel so we  
> plan on using this open source b2b marketplace.
>
> So based on these discussions you guys think that there are no  
> problems in keeping the add-ons open source? This software is  
> responsible for millions of dollars of transactions between reliable  
> businesses. Security is a must. That means, if one of the bug  
> contributors decides to exploit a bug they found then we are in big  
> trouble.
>
> -bruno
>

There is no inherent security when using closed-source code.  Let's  
use the iPhone as an example.  Recently Apple has fixed a security  
hole that was used by the iPhone Dev Team to jailbreak phones.  As  
some of you may know the iPhone has been jailbreakable for quite some  
time, meaning that this exploit has been a problem since then.  The  
iPhone OS is closed.

I'm not advocating opening up the iPhone software, however, one could  
make the argument that if it were open sourced the exploit could have  
been patched quicker.  The more eyes that you have on code the more  
eyes you have to pick up on mistakes.  It's similar to a continuously  
running code review.

As another example you can take phpb2b.  By you alone downloading and  
coding against it the developers have another set of eyes looking at  
their code, making it better, more efficient, and more secure.  Yes,  
there are some people out there looking to exploit holes in your code  
but they will be there whether or not you close your source.  The  
problem lies with the fact that if you close your source you will have  
no one but yourself helping to fix those exploits.

Just something to think about.

Tom


