undefined | Better HN

0 pointslawl12y ago0 comments

> certain parts may depend on components they don't intend to release

Then hopefully that code isn't in the same repository during develoment, but as a separate library. Everything else makes no sense.

The open source code can be useful even if it doesn't run without the library you didn't release.

> or on third-party ones they can't release.

Again, I hope for you, you didn't check in this stuff in your main code repository.

> It must also be checked to make sure it doesn't have any security implications (credentials, information about internal architectures, etc).

If your code has hard coded credentials you should probably start by firing your developers. As for the architecture part, if you need to do security by obscurity you're doing it wrong anyways.

> Finally, releasing it may expose them to patent attacks of which existence they might not even be aware.

Not for canonical, they're based in the UK and there are no software patents in Europe :)

But okay, that might be an issue for some US based companies.

Edit: IANAL, the situation might be a bit different in the UK than in the rest of europe, so I might be wrong: https://en.wikipedia.org/wiki/Software_patents_under_United_...

0 comments

4 comments · 2 top-level

icebraining12y ago· 2 in thread

Yes, yes, companies shouldn't do that. But I'm talking about real life, not spherical cows, and we know that companies do all that and much worse.

Besides, let's say that you're a product manager who's responsible for allowing the release of that code. You know that generally all those best practices are followed, but there were a few dozens of employees touching that code, and some might not even be at the company anymore. Are you really sure that none of them put sensitive stuff in there? Are you willing to bet your job on that?

lawlOP12y ago

> Are you really sure that none of them put sensitive stuff in there? Are you willing to bet your job on that?

If you really want an answer to that: Yes, I would. Even if there are credentials in there, I'd expect them not to be usable from the public net, but only from lan/vpn.

Yes, I'd risk my job for that.

icebraining12y ago

Well, some people throw themselves off bridges, but I wouldn't criticize those who don't.

mcintyre199412y ago

Software patents in the UK and Europe are actually quite a complex issue, although Canonical have publicly lobbied against them. I'll just shamelessly repost a previous comment of mine:

Software patents are not entirely avoided in the EU, just to be clear. Quoting a little from an essay I had to write, although “programs for computers” are excluded by Article 52 of the European Patent Convention (1963), inventions that include an inventive step and solve a technical problem by the utilisation of a computer program have been upheld on appeal, for example in the case of Microsoft Corporation (data transfer with expanded clipboard features. T 0469/03 - 3.5.01, (URL now dead : http://www.epo.org/law-practice/case-law-appeals/recent/t030...) They might tell us that computer programs can't be patented, but their courts say otherwise - including states involved in the upcoming European Patent (for those unaware, currently EU states choose which European Patent Office patents to accept, the European Patent will synchronise all states except Spain and Italy). Actually the situation in Europe is quite similar to America - software isn't part of their patent legislation literature either; but such patents have been upheld repeatedly.

j / k navigate · click thread line to collapse