Shipping Executables

Gib Bogle g.bogle at auckland.no.spam.ac.nz
Sun Feb 21 02:12:33 EST 2010 

Steven D'Aprano wrote:
> On Wed, 17 Feb 2010 02:00:59 -0500, geremy condra quoted Banibrata Dutta
> <banibrata.dutta at gmail.com>:
> 
>>> BTW for people who are non-believers in something being worth stealing
>>> needing protection, need to read about the Skype client.
> 
> Pardon me for breaking threading, but the original post has not come 
> through to my provider, only the reply from Geremy.
> 
> Many things are worth stealing and therefore need protection.
> 
> In any case, reverse engineering software is not theft. And even if it 
> were, keeping the source code secret is no barrier to a competent, 
> determined attacker or investigator. Skype is a good example: despite the 
> lack of source code and the secret protocol, analysts were able to 
> discover that TOM-Skype sends personally identifiable information, 
> encryption keys and private messages back to central servers.
> 
> In my personal opinion, releasing closed source software is prima facie 
> evidence that the software is or does something bad: leaking personal 
> information, infringing somebody else's copyright or patent, or just 
> being badly written. I'm not saying that every piece of closed source 
> software is like that, but when you hide the source, the burden of proof 
> is on you to prove that you're not hiding something unpleasant.

You are assuming that everyone who might be interested in copying your code is 
able to reverse-engineer it.  That might be true for software with a high 
commercial value, but it is by no means true for all software.  And in saying 
"when you hide the source, the burden of proof is on you to prove that you're 
not hiding something unpleasant" you are tacitly assuming that the users of the 
software care about having such a thing proven.  I submit that most users do not 
have this "guilty until proven innocent" attitude.

To give a personal example: I plan soon to distribute (free) to anyone 
interested some scientific software.  For various reasons I do not intend to 
distribute the source code at this stage.  I'm quite confident that the users 
(biologists) will have neither the desire nor the ability to reverse-engineer 
it.  Of course I'd be tremendously flattered if they did want to.  I'm also 
confident that they will not suspect me of "hiding something unpleasant".  In 
the worst case they might think the program is useless.

More information about the Python-list mailing list