NEWS FLASH The Missing FreePBX GPL Source

mbellot

I think it depends on what the meaning of the word "All" is....

Speaker John Boehner @SpeakerBoehner
When it comes to Hillary Clinton’s #Benghazi-related emails, it depends upon what the meaning of the word "all" is → http://j.mp/1dKgKpO
9:47 AM - 17 Jun 2015

I think we need Trey Gowdy on this..

Perhaps we should also engage Bill Clinton to give us the particular definition of "is" in the statement "is available".

Perhaps Sangoma wants us to know that the source is looking for a good time, maybe dinner and a movie. :kiss:
 

wardmundy

Day 5: Nerd Vittles article updated with (home-grown) CliffsNotes for the GPL to help FreePBX Devs learn what 'ALL FreePBX GPL Source Code' really requires...


 

AndyInNYC

Ward,

I think Sangoma may be keeping the source from you for your own good. Perhaps they believe you can't handle the source?

My apologies to Jack Nicholson <g>.


Andrew
 

billsimon

A flow chart of the whole module update process, including URLs and descriptive commentary, could put the whole debate to rest as well as be very educational for us. xrobau would you be up for that? I haven't followed wardmundy's investigative journalism completely (it's summer time and the outdoors are calling) but the evidence points to more than a mere misunderstanding.


I didn't get my request for a flow chart but this blog post explains a few of the mysteries. freepbx.org/node/93032

I understand the signing scheme better but still don't understand the reason for not indexing the repo. Even if the idea is to keep a malicious person from knowing the hashed filenames, it would be easy enough to get a list by examining the files and traffic of a FreePBX installation.

It seems like FreePBX Distro should have the signed module system, and FreePBX The Open Source Project should be purely unsigned. I think a lot of the murmuring has to do with the mixing of the two.
 

wardmundy

billsimon: You nailed it. FreePBX Distro is, and always has been, proprietary. FreePBX GUI used to be non-proprietary. The signed (hidden) modules for FreePBX 12 changed that. The lack of a secure firewall coupled with the blank check permissions that FreePBX now enjoys on Asterisk servers caused their security problems. And those problems most certainly originated with a vulnerable FreePBX module provided as part of FreePBX. Once the servers were compromised, the additional Trojan module was added, not the other way around. Attempts to rewrite history aren't going to change that.

Philippe is a good writer. Kinda funny that it took nearly 9 years (last Friday to be exact) to disclose most of this. And, as you said, it still doesn't explain why they don't provide the real source for the Cloud-based CDN that is actually used to update FreePBX using the Module Admin component. The GPL requires nothing less! Now they are arguing that the XML files and signature files aren't "code." Try running Module Admin without access to them. They are an integral component just as much as the tarballs of the FreePBX modules are. Just because it's complicated doesn't get you a free pass on the source code requirement of the GPL.

As we pointed out in this week's Nerd Vittles article, the GPL is very clear:

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. [Emphasis added.]
 

krzykat

Is there a governing body, or anything more than people saying "you're not complying by GPL" that can be done about this?
 

krzykat

Ward, correct me if I'm wrong (wife says I frequently am) ... but are there not modules that were open source and readily readable to change and modify, that now have been locked with zendguard making them impossible to open up to modify and change as I want? Some of the open source mentions zendguard which is made for compiling and locking php code, correct?

Sorry - although addressed to Ward, anyone's explanation would be appreciated.
 
