Clipperz and AGPL

Most of Clipperz source code is released under an AGPL v3 license. The preamble below clearly explains the benefits of such a license for web developers.

The GNU Affero General Public License (AGPL) is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software.

[…] Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software.

A secondary benefit of defending all users’ freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate.

[…] However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.

The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.

Cryptography and open source

A fundamental assumption in cryptanalysis, first enunciated by August Kerckhoffs in the nineteenth century, is that the secrecy must reside entirely in the key. Kerckhoffs assumes that the cryptanalyst has complete details of the cryptographic algorithm and implementation. It was reformulated by Claude Shannon as “the enemy knows the system”.

There’s been a lot of debate by security practitioners about the impact of open source approaches on security. Clipperz stays on the side of security expert Bruce Schneier when he says: “In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. For us, open source isn’t just a business model, it’s smart engineering practice.”

And along the same lines is Vincent Rijmen, co-author of the AES algorithm: “Not only because more people can look at it, but, more importantly, because the model forces people to write more clear code, and to adhere to standards. This in turn facilitates security reviews.” (from LinuxSecurity.com)

How to contribute to Clipperz open source projects

If you are a coder …

• Get Clipperz source code from SourceForge
• Start small, with one-line changes to existing code
• Start off commenting existing code where it needs it
• Write some documentation on the architecture of the code
• Learn how to use all the tools (CVS, diff, patch, ..)
• Experiment by making changes to your local copy of the code
• Test your code thoroughly before you submit it
• Adhere to the maintainer’s coding and formatting standards
• Don’t get discouraged when your patches are rejected

If you are not a coder …

• Submit bug reports
• Suggest new features and make other comments
• Help write good documentation
• Translate the documentation into another language
• Read existing documentation, follow the examples, and make corrections
• Correct spelling and grammar mistakes in documentation
• Create diagrams, screen-shots, and graphics for documentation
• Help other people learn how to use Clipperz software and services by answering questions on forums, discussion groups and mailing lists
• Donate some money to the projects

(thanks to Scott Granneman)