zero_iq

One of the first things I did when I started experimenting with SD was a series of “the Muppets attack paris” images, with explosions, crumbling buildings, police and military response, fleeing citizens… The cheeky gleeful looks on those muppets as they flee scenes of devastation are hilarious and some of my favourite images I’ve produced!

VMS implemented ACLs in the early 80s. It’s design influenced the design of ACLs in both AIX and Windows NT.

Yep, you’re right. I was thinking of an ACL evolution/chain of influence of VMS -> AIX -> NT, but it seems VMS -> NT and VMS -> AIX as two separate histories is much more accurate. Thanks for the correction – I’ve updated my comment accordingly.

Sorry, but this is completely wrong.

Windows has ACLs and they are an important part of Windows administration, and used extensively for managing file permissions.

Windows has supported ACLs on NTFS since Windows NT & NTFS were released in 1993 (possibly partly influenced by AIX ACLs in the late 80s influenced by VMS ACLs introduced the early 80s).

ACLs were not introduced to standard POSIX until c.1998, and NFS and Linux filesystems didn’t get them until 2003. In fact, the design of the NFSv4 ACL standard was heavily influenced by the design of NTFS/Windows ACL model – a specific decision by the designers to model it more like NTFS rather than AIX/POSIX.

Technically, at the filesystem level, exFAT also provides support for ACLs, but I am not sure if any implementation actually makes use of this feature (not even Windows AFAIK, certainly not any desktop version).

Ah, OK. So it seems it’s a case of the spirit of the text not matching the precise technical wording used. IMO, the legislation clearly intends to exclude freely-distributable open-source software, but the issue lies with what constitutes a commercial activity. (I’ve not yet checked the rest of the document to see if it clearly defines “commercial activity” in relation to the legislation.)

TBH, it seems that what is needed here is a clarification and tightening up of definitions, not wholesale rejection of the legislation.

Why is everyone up in arms about this?

The legislation specifically excludes open source software. Has nobody in this discussion actually read the proposed legislation?

From the current proposal legislation text:

In order not to hamper innovation or research, free and open-source software developed or supplied outside the course of a commercial activity should not be covered by this Regulation. This is in particular the case for software, including its source code and modified versions, that is openly shared and freely accessible, usable, modifiable and redistributable.

There is also a clause that states those using open source software in commercial products must report any vulnerabilities found to the maintainer.