Protect Python Source

David Brown david at no.westcontrol.spam.com
Sun Nov 3 10:03:47 EST 2002


Comments below...

"TuxTrax" <bogusdrop at myself.com> wrote in message
news:30770aa4.0211020028.1434bd34 at posting.google.com...
> "David Brown" <david at no.westcontrol.spam.com> wrote in message news:<aptuq0$uec$1 at news.netpower.no>...
> > "TuxTrax" <TuxTrax at fortress.tuxnet.net> wrote in message
> >
> > >
> > > Your comments reveal a thoughtful and curious approach that is quite healthy.
> > > It also reveals a world view that has in large part been shaped by the
> > > philosophies of proprietary software companies.
> > >
> > > Is a python compiler available for linux? I don't know. I do know that no
> > > Linux users I know would even consider using one. It would never cross our
> > > minds to make our source closed to others. This is where the whole open source
> > > software movement takes a completely different world view. In open source
> > > software, you retain the right to make a profit from your work, while still
> > > granting others the right to copy, distribute, modify and view the source
> > > code. Just a year ago, this whole concept was horrifying to me. I could
> > > not conceive of allowing others to have free access to my source code. As
> > > a Long time windows user, I had some un-learning to do. But unlearn I did.
> > > I started thinking in terms of the advantages of open source. First, it keeps
> > > you honest; you write your best code because you know that your peers are
> > > going to be seeing it all over the world. Second, with open source, once
> > > you release it, other programmers may modify it helping it to become more
> > > than you ever could have made it on your own (unless you choose to forbid
> > > the modification of your code, but that's another subject). Third, the
> > > distribution of your product using the open source community, has no equal,
> > > and will cost you nothing. You can provide support to your users via
> > > that same community at little or no cost to you, and support is the number
> > > one ongoing cost that software developers get saddled with. You can use
> > > the resources of such organizations as the free software foundation to
> > > defend your copyright (don't let the "free" in FSF throw you; you can still
> > > market your product using the GPL licence).
> > >
> > > And finally, you get to give something back. This is a philosophical point
> > > for me, but giving something back to the community that you benefit from,
> > > whether it be your local community, or the computer community, is very
> > > important for us as people. It is a common and refreshing view that you
> > > will find in the open source world, and one reason that I left the
> > > windows world for good. But that's a soapbox for another time. <grin>
> > >
> > > Cheers,
> > >
> > > Mathew
> > >
> >
> > I think you are making the mistake many "born again" open-source advocates
> > make, and one that many anti-open-source people also make.  There is plenty
> > of place in the world for both open and closed source software.
>
> Indeed this is true. Did I leave you with the impression that I was saying
> anything against closed source? The fact is I happen to agree with you, but
> shamelessly took an opportunity to pitch the case for open source since
> the OP seemed not to have considered it.
>

Your comments *did* leave me with the impression that you were advocating
writing open-source software to the complete exclusion of closed-source.  It
was the "I do know that no Linux users I know would even consider using one.
It would never cross our minds to make our source closed to others" that did
it.  If you were just exaggerating the one case to counter arguments in
favour of the other, then I guess that's fair enough.  But it certainly
looked like fanaticism to me, and that's never good for your cause.

> > In some situations, one is far better than the other
>
> OK.
>
> > in some cases either will do
> > the job.  Saying that everything should be open source is as bad as saying
> > everything should be closed source.  It's a common misunderstanding about
> > Linux ("Software companies should not write for Linux because then they
> > would have to give away all their source code...").
>
> And it is a common misconception (perpetuated by some proprietary
> software houses) that open_source == zero_profit. The fact is, open
> sourcing the program will not negatively impact the profitability of
> the product. This flies in the face of conventional wisdom, but such
> companies as red hat have proven the business model.
>

True.

> At any rate, I don't believe I said everything should be open source.
> I did not intend to imply it.
>

Again, I think you did imply it (hence my first posting), but it looks like
we actually have a pretty similar view on open- and closed-source
development.

> > Consider, for example, the program I am writing at the moment.  It is in
> > Python - a language whose licence is very clear in stating that all
> > Python-licenced code can be used in open and closed source software (keeping
> > copyright messages intact).  The program provides a gui for an embedded
> > motor controller card, and our customer is paying good money for me to write
> > the program.  He intends to sell the cards on to his customers, with this
> > controller program to go with it.  In the future, he will want a bigger
> > version of the program (supporting several cards simultaneously).  He may
> > well want to charge his customers for that software upgrade.  He certainly
> > won't want his customers to have full access to the code - they may modify
> > it for use with other supplier's motor cards.
>
> fine. Then make a license agreement that forbids the modification of
> the code for use with other brands of motor control equipment. That
> has nothing to do with open sourcing it. When you open source your
> code, you provide greater value to your customers, because you give
> them the power to meet future needs as they expand, by applying the
> same codebase to new hardware/software platforms. They can also see
> and verify that the code is not filled with bugs/backdoors.
>

Open source gives more to the customer, that is without question.  But it is
not necessarily in the supplier's interests to give them more.  In a great
many such cases, there is no real advantage to the customer to have the
source code.  They want us to write the stuff for them - that's what they
pay us for.  Depending on the exact contract, they may also pay for the
source code - not so that they can work with it themselves, but as a
protection in case of problems (such as our company going bankrupt, or
otherwise being unable to continue work on the project).  They know the
software has no (intentional) backdoors, and is as bug-free as we can make
it - again, that's what we're paid for.  If they did not trust us to do the
job, the customer would go elsewhere (that's part of the benefits of a
competitive world - compare it to closed source software with monopoly
power).

Even though a licence agreement might be as good as closed-source at
stopping abuse of the source code (these sorts of customers are responsible
people - they are not going to knowingly break agreements), there are two
problems with that.  Licences that are open-source, yet restrictive about
use, are in a no man's land, and would lead to all sorts of complications.
The biggest problem, though, is how to deal with a customer who has fiddled
with the code.  Imagine the joys of supporting code when the user has
"customised" the software, and now it doesn't work.  For specialised
software, it is far better that we do the modifications - we get paid for
it, and the customer gets the guarantee that it will work.  If they could do
as good a job at writing and modifying the software themselves, they
wouldn't have come to us in the first place.


> > This is not a program for
> > which either myself or my customer will gain any benefits from releasing it
> > as open source - no one is going to be making improvements to it that will
> > benefit us.
>
> see above
>
> > However, there are certainly *parts* of the program that could
> > be released separately.  For example, I may separate out the graphing parts
> > of the gui into a nice, modular graph widget.  That could easily be released
> > as open source (Python licence), for the benefit of others and for our own
> > benefit - if people like it, they will contribute improvements which I can
> > then use.  If I make any changes or improvements to the pyserial module that
> > I am using, then I certainly will pass those changes back to the community.
> > But by the time I get as far as making distribution copies of the program,
> > I'll be making two sorts of packages - py2exe packages for easy installation
> > on Windows machines, and .pyc byte-code files for use on Linux (and for
> > Windows users who already have Python).
> >
> > I fully agree that there are often direct benefits from making your own
> > software open source.  There is also the personal satisfaction factor - I
> > have not written much that could be of direct benefit to others (my job is
> > embedded systems development - you need our company's hardware to run our
> > software), but I have enjoyed the feeling I get from the few direct
> > contributions I have made.  But there are many reasons to write closed
> > source code as well.  You do not speak for the Linux-using community when
> > you say that writing closed source is against your principles.  From a
> > user's viewpoint, open source is definitely an advantage - just like lower
> > cost, better documentation or more functionality is an advantage.  But from
> > the writer's or seller's viewpoint, it is a mixed blessing which must be
> > considered sensibly - just like the selling price, the level of
> > documentation and the functionality of the software.  The aim of all
> > businesses is to make money - preferably by providing good products and
> > services to their customers.  If that end can be best achieved by opening
> > their software, great.  If it is best achieved by closing their software,
> > then that's the way it is.
>
> Thank you for your thoughts.

And for yours.

> The OP was asking about securing code and
> I wanted to impress two things:
>
> 1) you can't secure your code

This is true - you can never be entirely secure.  You must look at each
case - what is it that you want to protect, from whom, and how far are you
willing to go for the protection?  But there are many levels of security.

>
> 2) open source is not a bad thing, it is, in fact, a very good option.

It often is a good option.  My point is merely that, while it often is the
best option, there are many cases where it is *not* the best option.

>
> cheers,
>
> Mathew

mvh.

David





