Open Source Software Is More Secure


Software whose source code is open has stronger security properties. The main reasons are as follows:

First, the source is open: anyone can read the code and find the problems in it;

Second, malicious code has nowhere to hide under so many eyes (after downloading open source software, verify the digital signature or published checksum, and use the project's official download channels wherever possible: an open repository says nothing about the integrity of the particular binary you fetched from a mirror);

Third, once a bug surfaces, the community provides a patch very promptly; there are many active contributors, and the software is looked after as carefully as their own child.

Fourth, it is safer, more reassuring, longer lived and freer to use. The life cycle of an open source project tends to be longer than that of a commercial product, and because users hold the code they need not worry much about future updates and maintenance: even if the community dissolves and the project is forgotten, a business that still depends on it and cannot yet find a replacement can maintain it itself, since it has the complete source. Customers of commercial software, by contrast, run the risk of being held hostage by the vendor. The commercial vendor says: keeping the code closed is more secure. That leaves us with nothing but trust in the vendor's good character. Do you trust it?

Fifth, the quality of open source software is generally higher than that of commercial software. Countless developers and users improve its security and add features, continually strengthening its usability, so open source software usually comes closer to what users actually need, because the users are improving it themselves. No salesperson has to tell users what they need; users and developers build what they want, with remarkable results. At least one recent survey found that technical superiority is in fact the main reason enterprise customers choose open source. Higher quality also means higher security.
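The parenthetical in the second reason above, verifying a download before trusting it, is where an open repository and the binary on your disk meet. The following is an added example, not code from the original post or from any project it mentions: it parses a SHA256SUMS-style manifest in both the GNU coreutils and the BSD/openssl line formats, hashes each listed file, and reports which files verify, which are tampered or corrupted, and which are missing. The file names and archive contents are constructed fixtures; the manifest is assumed to have been fetched over a channel you trust separately from the archive (the project's own site over TLS, or a GPG-signed SHA256SUMS.asc that you verified first).

```python
"""Verify downloaded artifacts against a published checksum manifest.

Added example, not from the original post. Assumes the manifest came from a
channel trusted independently of the archives it describes; file names below
are hypothetical fixtures.
"""
import hashlib
import hmac
import os
import re
import tempfile

# GNU coreutils style: "<hex>  name" (text mode) or "<hex> *name" (binary mode).
_GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]{64})\s[ *](?P<name>.+)$")
# BSD / openssl style: "SHA256 (name) = <hex>".
_BSD_LINE = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})$")


def parse_manifest(text):
    """Return {file name: expected sha256 hex}.

    Blank lines and '#' comments are ignored. Any other line that matches
    neither format raises: a tampered or truncated manifest must fail loudly
    rather than silently drop entries.
    """
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _GNU_LINE.match(line) or _BSD_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is not a SHA256 entry: {line!r}")
        expected[m.group("name")] = m.group("hex").lower()
    return expected


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(manifest_text, directory):
    """Return {name: "ok" | "MISMATCH" | "MISSING"} for every manifest entry.

    Only files named in the manifest are checked; treat any file you intend
    to unpack or run that is absent from this result as unverified.
    """
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = sha256_file(path)
        # compare_digest is the standard constant-time comparison; a local
        # file check does not need it, but using it by habit is cheap.
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "MISMATCH"
    return results


def demo():
    """Constructed fixture: one intact archive, one with an extra byte, one absent."""
    good = b"tar\x00contents of a release archive"
    good_hex = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "tool-1.2.tar.gz"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "tool-1.2-win.zip"), "wb") as f:
            f.write(good + b"\x90")  # one trailing byte changed: tampered or corrupted
        manifest = (
            "# constructed SHA256SUMS for the demo\n"
            f"{good_hex}  tool-1.2.tar.gz\n"
            f"SHA256 (tool-1.2-win.zip) = {good_hex}\n"
            f"{good_hex} *tool-1.2.dmg\n"
        )
        return verify_downloads(manifest, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Running the block prints one line per manifest entry; anything other than "ok" means the archive must not be unpacked. The checksum only proves the file matches the manifest, so the manifest's own provenance (a signature you verified, or a TLS connection to the project's site rather than a mirror) is what carries the trust.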

No better example comes to mind than Coverity's recent discovery of defects in the Android kernel. Coverity's findings show the open source model delivering on this promise. Why is the finding so encouraging? As we noted recently, the defects could be found precisely because the Android kernel code is in public view.

Although Android is not a 100% open source program, the example still illustrates Linus's Law, formulated by Eric S. Raymond and named after Linux creator Linus Torvalds: "Given enough eyeballs, all bugs are shallow." The point is that with enough people using and testing the code, any defect will be found and fixed quickly. This runs directly counter to the line that expensive commercial software has always pushed, that keeping the code closed is more secure. The caveat is that the eyeballs have to actually look: openness makes independent review possible, and the Coverity case shows that possibility being exercised; it does not by itself guarantee that anyone has reviewed a given line of code.

Does the absence of such defect reports for the iPhone and Windows mean they are more secure? You might well say it is far from it, even the opposite. It means those products are not open to the public, so nobody outside the company knows about many of the bugs. The iPhone's Bluetooth pairing, for example, has been poor across several generations and remains so.

In the open source world, Linux for instance, a bug is generally fixed as soon as it is found; in the commercial software world that is often not the case. Microsoft, for one, has taken months to ship a patch after a zero-day came to light. One can only wish the users of such software good luck.

The very notion of "genuine" (licensed) software is gradually being displaced by open source, and fewer people talk about it now. "Genuine" applies to closed commercial software; open source is free software, and the concept does not arise.

Open source and monopoly

I came across an interesting view: that the essence of open source is to form a local monopoly.

The best software in the world is open source, and these open source projects also have the largest user bases. Everyone uses them for free, so open source in effect becomes a monopoly. Yet this situation, everyone freely using the same thing, creates no monopolistic competition at all.

On the competitive level, closed software products compete with one another. When an open source equivalent suddenly appears, cost-sensitive customers try it first, then gradually more customers follow; driven by its community the open source project keeps getting better, and it is credible, because open code cannot lie. In the end the large customers go open source too, and the closed commercial products all die off... A software company that does not do open source will find it hard to survive.

Linux has all but unified the server world and the various embedded OS domains, and desktop Linux is gradually being accepted. Imagine every system running on Linux one day: the most important underlying OS, free and open, built and shared by all!

When Oracle acquired MySQL, the risk of it going closed led to the open source fork MariaDB. WordPress powers more than 30% of websites, the White House site among them. Git is open source, and GitHub hosts countless excellent open source projects from all over the planet...

Open source has gone from a spiritual totem to the mainstream of the software world, and has changed the old software business model. Something with no bill-of-materials cost should be distributed to the whole world for free, and open source software is exactly that!

Software engineers also find the open source world better for their careers. Nearly every company uses the important foundational software systems, so the skills an engineer accumulates do not lose value when moving between employers. And because open source projects live longer, the learning an engineer invests pays off for longer, and the experience accumulated is less likely to become worthless.

Open source licenses


Introduction to the MIT License

The MIT License takes its name from the Massachusetts Institute of Technology (MIT); it is also known as the X License or the X11 License.

Its terms closely resemble those of the 3-clause BSD license, but it grants the licensee somewhat broader rights with fewer restrictions.

The licensee may use, copy, modify, merge, publish, distribute, sublicense and sell the software and copies of it. Because the license allows sublicensing, a licensee may distribute derived work under terms of their own choosing; the one condition is that the copyright notice and the permission notice must be included in all copies or substantial portions of the software.

It is not a copyleft free software license: MIT-licensed code may be used in free and open source software or in proprietary software alike. In this it is like the BSD licenses rather than different from them; the practical differences are that MIT explicitly grants the right to sublicense, while the 3-clause BSD license adds a clause forbidding the use of the contributors' names to endorse derived products without permission.

The MIT License can coexist with other licenses. It is also recognized by the Free Software Foundation (FSF) as a free software license and is compatible with the GPL.

MIT is as permissive as BSD: the author wants only to keep the copyright, with no other restrictions.

In other words, you must include the original license notice in whatever you distribute, whether you ship binaries or source code.

So if you just want to write code in peace without worrying about anything else, the MIT License is the one to pick.

The English text of the MIT License follows:

Begin license text.

Copyright <YEAR> <COPYRIGHT HOLDER>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

End license text.

Well-known projects such as jQuery, .NET Core and Rails use the MIT License.

Introduction to the Apache License 2.0

The Apache License 2.0 comes from the Apache Software Foundation, whose best-known open source project is the Apache HTTP Server (httpd).

The Apache License resembles BSD: it likewise encourages code sharing and respects the original author's copyright, and it likewise allows the code to be modified and redistributed, as open source or as commercial software. The conditions to meet are also BSD-like:

You must give users of the code a copy of the Apache License;

If you modify the code, you must state so in the modified files;

Derived code (modifications and work derived from the source) must retain the license, trademark, patent and attribution notices from the original code, along with any other notices the original authors require;

If the original distribution includes a NOTICE file, your redistribution must carry the attribution notices it contains. You may add your own attribution notices to the NOTICE, but they must not be presented as modifying the Apache License.

The Apache License is also friendly to commercial use. Users can modify the code as needed and release or sell it as an open source or commercial product. The Android system, the many projects of the Apache Software Foundation and the Swift project all use the Apache License 2.0. Unlike BSD and MIT, it also carries an express patent license from every contributor (section 3), which terminates for anyone who files patent litigation over the Work, and it grants no trademark rights (section 6); this is why patent-conscious companies often prefer it to MIT for code they ship.

The advantages of using the Apache License 2.0 are:

--

The English text of the Apache License 2.0

                                Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright {yyyy} {name of copyright owner}

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

If you have time, you should still read the English originals carefully; the Chinese content here was copied from elsewhere.

Link to this post: https://cs.pynote.net/se/202111211/
