When I started work on NeuDist a year or so ago, I picked the Apache license for the project. I replaced “Apache” with my own names, etc., of course. But I was never completely happy with the idea of using it for this kind of software. Now that I have renamed it NeuClear, I decided it would be a good time to think about changing the license.
Why? Mainly because I want to be as certain as possible that there aren't backdoors in software based on NeuClear. I am a believer in absolute transparency in security and don't want to give banks, ISPs, etc. the opportunity to do funky stuff with your transactions.
The ultimate license to ensure openness is of course the GPL, which ensures that the source for any software using it must be published. I am a bit unclear on a few points here though. Maybe someone can help me out.
My guess is that many of the services running using NeuClear in the future will be in-house developed services that are never distributed outside the companies providing the service. I can see that they would not be happy about publishing their internal source code publicly (even though I think it would be a great idea).
As far as I can understand from the GPL FAQ, as long as they don't distribute their software outside their organization they wouldn't have to distribute their source. This means that GPL might work just fine. I was planning on using the LGPL and may still do so if I hear too many naysayers about GPL.
The only other thing that I would like to see, that I don't think any license has so far, is some extra clause in the GPL to require a periodical external audit of said in-house services with the audit report made public. I think that would make a strong case for writing secure software and being accountable for it in the financial software world.