Mostly reasonable

Posted Mar 23, 2022 4:49 UTC (Wed) by milesrout (subscriber, #126894)
In reply to: Mostly reasonable by cypherpunks2
Parent article: Guidelines for research on the kernel community

I think this is taking things a little too far. It was once widely accepted that there is no obligation to share software. The "free software" idea that is IF you share software, THEN you ought to share the source code. That is conditional. There is no expectation that you ought to share every piece of software you write or use. There is no expectation that if you share the result of using software that you must share the software itself. If one's goal is to improve the security and reliability of free software while making a living and building a sustainable business then it very easily could be that the best strategy for doing that is to keep some security-bug-finding tactics close to one's chest. In the long term, having that sustainable business means that one can keep doing the bug-finding long term. A community of independent and sustainable security researchers is going to be better for the security of software in the long term than a bunch of people all just doing it in their spare time because they feel obliged to release their tools as free software, free of charge and free of encumbrances, eliminating their only potential source of revenue on which to build a sustainable business.