undefined | Better HN

0 pointsglitchc3y ago0 comments

"Terms subject to change without notice."

If commercial entities can do it, so can the FOSS community.

0 comments

Not exactly, because the software already licensed under an old license (which is the only "terms" applicable here) will stay fine.

glitchcOP3y ago

No it won't. It will be unsupported. Bugs and security vulnerabilities will accrue making it less and less valuable over time. It's funny how the very people whose livelihood depends on perpetual software growth and maintenance are the first ones to claim FOSS is okay stuck at a particular version. Every company keeping their stack stuck on the permissive license is risking a log4j style event in the future.

lifthrasiir3y ago

That's true, but also very much independent from whether a once-free software went non-free or not. Log4j was absolutely a free software when that event happened. The same thing would happen if the maintainer don't see any more value in maintaining an FOSS software (including but not limited to monetary reasons) and stops doing so.

cesarb3y ago

> It will be unsupported. Bugs and security vulnerabilities will accrue making it less and less valuable over time. [...] are the first ones to claim FOSS is okay stuck at a particular version. Every company keeping their stack stuck on the permissive license is risking a log4j style event in the future.

Your example shows the opposite of what you intended to show. It was the people stuck at a particular version of log4j (the old unsupported log4j 1.x branch) who avoided the vulnerability, while the ones who kept up-to-date with the maintained log4j 2.x branch were vulnerable. And it also shows the power of a permissive license: for those stuck at the older log4j 1.x branch, which had been abandoned by its maintainers, there's now a fork by someone else (https://reload4j.qos.ch/) which is being maintained.

HALtheWise3y ago

That would be a much more relevant concern if we were talking about a database or library or something. In this particular case, mold is a linker, and I think people here are dramatically overestimating how likely there are to be security vulnerabilities in a linker or how little work is needed to keep it working at it's current level.

j / k navigate · click thread line to collapse

0 comments

lifthrasiir3y ago

Not exactly, because the software already licensed under an old license (which is the only "terms" applicable here) will stay fine.

glitchcOP3y ago

lifthrasiir3y ago

cesarb3y ago

HALtheWise3y ago

j / k navigate · click thread line to collapse