Jamie Zawinski, co-founder of Netscape and Mozilla.org, creator and author of the XEmacs XScreenSaver project, talked about copyright infringement in screensaver code protected for gnome screensaver and also parted ways with his mate-screensaver and cinnamon-screensaver projects.
It is alleged that the author of gnome-screensaver copied most of the code of the XScreenSaver project and then changed the license of the code from BSD to GPLv2 without permission. Initially, a note was left in the source code that the project was based on the code and ideas of Jamie Zawinski, but was later removed.
In 2004, which is now seventeen years ago, I wrote a document explaining why I made the design tradeoffs that I did in XScreenSaver, and in that document I predicted this exact error as my example of 'this is what will happen if you don't do it this way «.
I just found out that in addition to gnome-screensaver being unsafe garbage, they also copied much of my wholesale xscreensaver code, removed the BSD copyright notice, and replaced it with GPL. Nice work guys ...
Dude, you copied most of fade.c, among others, * removed * my name, copyright and license, and put your name and license at the top. If you think I gave you permission to re-license my BSD-licensed code as GPL, please prove it.
As an example, the fade.c file was copied from XScreenSaver with almost no changes. Therefore, any Linux distribution that includes gnome-screensaver, mate-screensaver, or cinnamon-screensaver contains code that infringes copyright and license.
According to Zawinski, if the author of gnome-screensaver asked him for permission to license the code with dual licenses, I would probably agreebut if asked about the possibility of removing the mention of him and assigning someone else as the author, he would decline.
The gnome-screensaver author replied that this issue was discussed before the code was published and tried to mention Zawinski in the author list, but there was a security issue.
"Just discovered", but we discussed it at length before it was published. 2. Your security arguments turned out to be incorrect. So stop? 3. I did my best to give you credit; a nuanced look would reveal it. 4. There could be more discussion if there is good faith
The situation is not detailed, but it is possible that Zawinski did not want his name to be associated with programs that have potential security problems (for example, a few years ago due to security there was a conflict with Debian and Zavinski asked to remove XScreenSaver from the distribution due to outdated version delivery).
At the same time, Zawinski insists that he did not give his permission to re-license the BSD code to the GPL and if not, ask for proof.
Jamie Zawinski is not trying to make a profit for himself, rather, he only demonstrated this fact, as an addition to his published article on the carefree attitude towards security and bug fixes in modern screensavers, written after the vulnerability in the Cinnamon screensaver and the problem in the guardian that emerged screen mate-screensaver, which remains unpatched for two years.
In 2004, Zawinski wrote an article warning about the inadmissibility of complications in screensavers and the inappropriate use of GTK and additional libraries in such programs.
As an example, screen reader support has been shown to, tools for people with disabilities and advanced input methods, taking into account the existing lock screen architecture in systems based on the X11 protocol, can lead to vulnerabilities, and due to the complexity of such systems, avoiding problems will be very difficult.
Since then, similar vulnerabilities have appeared regularly in sophisticated screensavers and the last one was the vulnerability in the Cinnamon screensaver, exploited through the virtual keyboard.
Finally, if you want to know more about it You can consult the discussion between both authors in the following link or also the publication made by Jamie Zawinski this link.