On Tue, Jun 4, 2013 at 7:11 PM, Mark A. Hershberger mah@everybody.orgwrote:
Could you clarify this? I haven't been following this debate closely (real life has intervened) but this seems strange to me.
Of course, we can't control the license anyone puts on their code, but saying that if they produce software without a BSD- or GPL-like license then it would be insecure doesn't make sense to me.
What I meant is that right now you can make a closed source Wikipedia app. It's totally possible. All the user has to do is give the app his/her username and password and the app will do stuff.
By saying "you can only use OAuth if you're open source", it's the same as saying "if you're closed source you must use insecure authentication methods". Because just saying OAuth must be open source isn't going to stop closed source developers.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com