Microsoft has a different definition for “Open Source”

The Microsoft Web Protection Library, commonly referred to as AntiXss (the previous class name), has had a bit of a vulnerability. Now we all know that vulnerability and Microsoft usually go together like chicken and eggs, but you see, what makes this different is that it’s an apparent earnest effort at an Open Source project. Unfortunately, the newest iteration of this project, 4.2, breaks everything. This isn’t unusual by itself either, as that too is a Microsoft staple, and indeed other projects have faced similar issues with “fixes”. What is unusual is that MS has reinterpreted the meaning of Open Source and removed all previous binaries of the library that actually worked, even with the vulnerability (thereby making it non-Open), and the sources for the 4.2 “fixes” are still unavailable.

Now I’ve read the FAQ for Open Source, but I couldn’t find a single instance where this behavior would fit under the term. I scanned through the FAQ again, found a behavior similar to what MS is actually doing, and came across the following:

What if I do not want to distribute my program in source code form? Or what if I don’t want to distribute it in either source or binary form?

If you don’t distribute source code, then what you are distributing cannot meaningfully be called “Open Source”. And if you don’t distribute at all, then by definition you’re not distributing source code, so you’re not distributing anything Open Source.

Interesting…

What’s more, “Barry”, the coordinator of the project on CodePlex, stated the following when another user wanted the sources listed:

The source branch for 4.0, release, is available – the dates don’t ever match due to the way we publish.

The source for 4.2 is not available – it takes a bit of cleaning before publication (we usually have a 1-2 week gap), and as we’re working on getting the sanitizer functional again for 4.3 taking the time to publish the 4.2 code would remove effort from tracking down what is going on.

That’s not quite what it means to be Open Source, Barry.

But earlier on the same thread he had said:

It’s company policy I’m afraid. The source will remain though, so if you desperately wanted you could download and compile your own versions of older releases.

Notice it wasn’t project policy or community policy. It was company policy, meaning Microsoft has a different definition of the term Open Source.

So AntiXss is no longer an Open Source project.

4 thoughts on “Microsoft has a different definition for “Open Source””

  1. It’s such a shame no other company offers software products to provide an alternative to Microsoft ;-)) and why does Darth Vader’s theme always start up in my head when I read about them?

    • Yeah, the Vader theme comes up with very good reason.

      Although after their latest antics, I’m also hearing Yakety Sax in the background. I mean this stunt is just plain ridiculous.
