Quote from: kmfkewm on September 06, 2012, 01:58 amQuote from: Wadozo on September 06, 2012, 01:22 amWhy did pine fly off the handle and make accusations about LouisCyphre which are seemingly untrue and could potentially stifle new business through his vendor's account ? Very strange indeed! It's not like pine to make such a simple mistake as claiming the software is closed source when clearly it's not. ??? I feel LouisCyphre has more than adequately posted answers to all questions asked of him. Well done LouisCyphre. :)I still think vendors selling software sets a precedent that we need to be careful about. A lot of good can come from having programmers working to make software to help us become more secure and make our lives easier. In fact, I have some projects of my own that I am working on.Cool.Quote from: kmfkewm on September 06, 2012, 01:58 amAt the same time we need to realize that the people here are of course risking very real prison sentences, and that the utmost care must be taken regarding running software from people.Fair enough, I agree.Also, since I am not LE and am providing software which can facilitate vendor operations I think real LE would love to prosecute me for that. Probably a conspiracy charge for every sale plus the initial contract which led to it.Quote from: kmfkewm on September 06, 2012, 01:58 amI think that the best approach is one of open source publicly audited only. I can see your point, but your faith in the generosity of users is, I suspect, exaggerated. Your previous suggestion of a developer tip jar would be unlikely to garner more than a few BTC. I'm basing this opinion on what my experience with PGP Club and GPG instruction in other threads and via PMs.There's nothing in the GPL which prevents selling the code under that license. In fact, here's the part of the FAQ which relates to it:QuoteIf I use a piece of software that has been obtained under the GNU GPL, am I allowed to modify the original code into a new program, then distribute and sell that new program commercially?  You are allowed to sell copies of the modified program commercially, but only under the terms of the GNU GPL. Thus, for instance, you must make the source code available to the users of the program as described in the GPL, and they must be allowed to redistribute and modify it as described in the GPL.  These requirements are the condition for including the GPL-covered code you received in a program of your own. Clearnet source: https://www.gnu.org/licenses/gpl-faq.html#GPLCommerciallyQuote from: kmfkewm on September 06, 2012, 01:58 amIf a vendor knows enough python to audit the code they will make it themselves, so there is no point in anyone who is capable of auditing it paying for it.Yep.Quote from: kmfkewm on September 06, 2012, 01:58 amI don't think that we should have a culture here that promotes haphazardly running code from others, that will certainly lead to people being pwnt and I can very easily see Pines concern, I can understand that concern too and I share it. There have been calls for SR's source code to be released for similar reasons, but that's not too likely either.Quote from: kmfkewm on September 06, 2012, 01:58 amalthough I also see that she is somewhat fear mongering or at least talking about technical things she doesn't know enough about to make accusations based on Thanks. She does jump to conclusions sometimes, this isn't the first time.Quote from: kmfkewm on September 06, 2012, 01:58 am(for example claiming a python program is closed source, I don't know if that is even possible, maybe it can be distributed as bytecode or obfuscated, but that is hardly what anyone thinks of when python scripts are mentioned, and it seems she has absolutely nothing to base her claims of this software not being open source on).It's possible to compile Python code as a Windows executable, but that's not what this is. I did it once years ago and it turned a script that was a few Kb in size into something like 1.5Mb. Ridiculous. I'd rather just install Python, if it's not already installed, and run the code.I've never bothered trying to reverse engineer the bytecode from any of my scripts, but I believe it's usually pretty straight forward. I think it might be possible to obscure it, but I can't remember because I've never been interested in doing that.Quote from: kmfkewm on September 06, 2012, 01:58 amMy suggestion remains, that people not use software offered by people here, unless it is open source and the code is available for everyone here to audit. I think this is the only way we can create tools for each other to use while not being at risk of malicious activity. I would love to make money from the tools I will hopefully be providing soon, but I realize that nobody in their right mind is going to run code from here unless it is publicly audited, and the people who do are going to end up getting pwnt, be it from Louise or someone else.There's no "e" in my first name. Unlike Pine, I'm not quibbling about my gender. ;)Anyway, I certainly understand your point of view, which is why I'm aiming for balance between being able to sell my product and address valid security concerns.