From the fine folks over at net-security.org comes this interesting announcement:
ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source.
Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: "Try it, build awesome things with it, break it. Then tell us about it."
ZeroDB is based on the eponymous protocol that allows end-to-end encrypted queries, which in turn allows encrypted data to be stored on untrusted servers (e.g. in a public cloud).
[...] "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.
"Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won't have access to the cleartext data," the developers pointed out.
No, NCommander, we don't need to switch databases twice in a year. Wait till 2016 at least.
(Score: 2) by NCommander on Friday December 11 2015, @10:22AM
Ugh, this is why I shouldn't post when I'm half dead. I posted the text of Apache2 in that spot. The actual patent text from the GPLv3 is:
You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.
It's the reading of the term "import" which suggests it applies when incorporated as part of a larger distribution. The fact is I'm not a lawyer, and I'll go dig out the revelant threads from the FreeBSD mailing list when I'm less zombie. I'm going to bail out of this until tomorrow after I've slept a good 8 hours.
Still always moving
(Score: 0) by Anonymous Coward on Friday December 11 2015, @12:00PM
When has "import" ever been used to mean "incorporated as part of a larger distribution" in a legal context? The GPL is a legal document, not a programming one.
Personally, I can't see how "import" in this context could be interpreted as meaning anything other than "transfer from one legal jurisdiction to another". For example: "libfoo is developed and licensed for the EU. If you wish to use libfoo in the US, you must license our patents or we will sue".
(Score: 4, Informative) by Anonymous Coward on Friday December 11 2015, @01:26PM
Evidence that you're misreading:
GPLv3, [www.gnu.de] section 5, last paragraph
So the license states quite explicitly that the license does not apply to other parts of a distribution which are independent of the covered work (i.e. the GPLv3-licensed code). Of course if the license does not apply, then this is true for any clause of the license, including the patent clause.
In short: If you distribute a GPLv3 GCC with your OS, then the rest of the OS will not automatically be covered by the GPL, except for code that makes explicit use of GCC's code.
Now if you compile with GCC, other considerations come into play, because the compiled code explicitly contains code from the GCC runtime library. However, that library contains the following exception:
See https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html [gnu.org] for details.