Posted by driscoll
on July 19, 2005 at 10:19 AM PDT
A short blog on tainting, and how you shouldn't be worried if you look at the GlassFish codebase.
I recently had a very sincere person, who I have every reason to respect, tell me: "I thought about downloading your code, but I don't want to be tainted." He further went on to say "If you had a statement about that on your website, I'd feel better about it."
Frankly, I was a bit taken aback. Weren't we Open Source? Was this the leading edge of another Sun Evil Plot (tm)?
I was right next to Gier Magnussen at the time, so I turned to him and asked "Gier, what's Apache's tainting policy? We'll just copy that." Geir looked at me, somewhat bemused, and said: "We don't have one."
Now, this makes sense. Apache's an Open Source project, and Open Source projects don't generally worry about tainting. And up 'till now, neither have we. And neither should you. As a real, honest to goodness F/OSS codebase, you're no more tainted if you read our code than if you read JBoss' code, or Geronimo's code. Go ahead. Read it. You won't be tainted. You can't copy our stuff any more than you can copy JBoss' stuff, or Apache's stuff, without listening to the license, but honestly, this shouldn't effect you at all, any more than it effects you for any other project.
I thought about writing more, but I'm not even sure that this is necessary. Still concerned? I want to hear about it - tell me below.