Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 08-14-2005, 04:12 AM   #1
Daniel919
Member
 
Join Date: Jan 2003
Posts: 38
Default source access

Hi there,

Why not give registered users, that already bought an ioFTPD license, access to view the sourcecode, under a very restrictive license ?

I already started a discussion in IRC about this, but I did not get an acceptable reason, why this would be a disadvantage.


Here you get some of my answers to common thoughts about this:
1. "iniCom will loose a lot of profit."
No, because you have to buy a license FIRST, then you might get access to view the code.

2. "Opensourcing it doesn't necessarily mean it will become better."
It's not opensource (like gpl), it will remain a commercial product.
Of course, I can't predict the future, but there is a big ioFTPD community, and I am sure a lot of users would like to help improving ioFTPD (me included).
An example how this could be done can be found at the end of this message.

3. "Everyone will copy the code."
This will be restricted, so it would be illegal.

4. "If they provide the sourcecode with a licensekey, everybody will get it "illegal", and there's no profit anymore."
This would mean that now everyone has a legal ioFTPD.
I want to say, if someone wants to get an illegal ioFTPD, he will get an illegal ioFTPD, whether the source is viewable or not, it doesn't matter for him.

5. "Why you want to view the source ?"
I would like to help to improve ioFTPD, including new functions etc...
But don't tell me to suggest the single functions I want, thats not the point of this topic.

6. "There will come exploits for it faster then usually."
This would lead to a "what is more secure: closed or open ?" war.
Microsoft is trying the first way, Linux/Solaris/FreeBSD/... the second
I think: more eyes look through the code => more bugs are found => ioFTPD gets more secure

7. "Use a free system + a free ftpd. (Linux + vsftpd)"
If I wanted to do so, then I wouldn't post this message.

There should be something like a bugtracking system, where users can post:
- code.diff files, with functions they included
- bugs they fixed
- code they improved
Details about this can be discussed later.


If these steps would be followed, we can expect to see an ioFTPD ...

... that has a lot more functions
Users can integrate new functions directly, and send their changes to darkone via the bugtracker. Then he just patches them into the source and recompiles ioFTPD.
So one could integrate a new feature immediately, and does not have to suggest it and wait until it's written and integrated (which takes a long time, especially if it has low priority for other users)

... that is more secure
Bugs can be fixed immediately, and patches will be send via the bugtracker.
A new ioFTPD version could follow after some hours.

For iniCom this could mean more profit,
because potential customers will be attracted to ioFTPD, if they see it's continuously getting better and more secure.


I am very serious about this, and again:
This does NOT mean opensource like vsftpd, or other GPL projects.
It will remain commercial.



Please tell me your opinions, and whether you agree or not + reason.

Thanks in advance,
Daniel
Daniel919 is offline  
Old 08-14-2005, 04:37 AM   #2
tuff
Senior Member
FlashFXP Registered User
ioFTPD Scripter
 
Join Date: Jan 2003
Posts: 277
Default

IIRC there was a license for source for the old versions, although i dont recall d1 ever mentioning anyone who was actually interested in it
__________________
#iotools #ioftpd (both on efnet)
tuff is offline  
Old 08-14-2005, 08:29 AM   #3
esmandil
Senior Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Oct 2004
Posts: 107
Default

I like this idea

One additional benefit is that I very much like some of the code snippets D1 is posting from time to time... and would like to see more of them Great for learning it is
esmandil is offline  
Old 08-15-2005, 04:04 AM   #4
darkone
Disabled
FlashFXP Registered User
ioFTPD Administrator
 
darkone's Avatar
 
Join Date: Dec 2001
Posts: 2,230
Default

For several reasons, I'm not all that worried about users finding remote exploits by investigating the source code:
1) There's so much of it.
2) Complexity of code is much higher than in ordinary multithreaded daemons. Core is not tracable by the most, because there are various processors (threads) performing each task.
3) All memory allocations are being traced, so resources leaks are very unlikely. Daemon is able to recover ~100% of time, if there is not enough memory/resources available.
4) There is no 3rd party code in the source tree (with exception of sha1 library).

But following factors prevents us from doing so:
1) Possible, and likely IP-thefts; using algorithms that have taken months to develope without permission in non ioftpd related projects. It would be next to impossible to monitor this.
2) Illegal (unofficial/underground) code branches would be likely to emerge, if we decided not to implement certain feature(s) that group of users wants.
3) While in many cases other developers could speed up the process, we would have to have a skilled person validating all the input. (outfit needs to be the same, some algorithms need to be profiled and trimmed and the most importantly, not everything is worth implementing)
darkone is offline  
Old 08-16-2005, 06:05 AM   #5
ganymede
Member
 
Join Date: Dec 2004
Posts: 46
Default

(1)
Excuse me but ......just out of interest how does - using algorithms that have taken months to develope without permission IN NON RELATED PROJECTS. -affect you... but then again maybe you think like microsoft its all about ME ME ME ME. - next you going to want to patent something *shrug*

(2)
What do unofficial underground versions matter? people who going to pirate and manipulate will do it anyways - those arent your customers and they wont affect your business.

(3)
Surely any code input is better than none.


sorry just being cynical.
ganymede is offline  
Old 08-16-2005, 11:32 AM   #6
tuff
Senior Member
FlashFXP Registered User
ioFTPD Scripter
 
Join Date: Jan 2003
Posts: 277
Default

(2) What do unofficial underground versions matter? people who going to pirate and manipulate will do it anyways - those arent your customers and they wont affect your business.

seriously, thats the most ive laughed in a bit, OFCOURSE pirated versions will affect inicom sales
__________________
#iotools #ioftpd (both on efnet)
tuff is offline  
Old 08-16-2005, 02:26 PM   #7
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Darkone has firmly stated his position on this issue, and no amount bickering will change anything.

Thread closed.
neoxed is offline  
Closed Thread

Tags
functions, illegal, ioftpd, secure, users

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:22 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)