Contributed by Dengue on from the waffle dept.
(Comments are closed)
OpenBSD Journal
Contributed by Dengue on from the waffle dept.
(Comments are closed)
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By methodic () methodic@libpcap.net on http://www.libpcap.net
By Darren Reed () on
made an informed comment about this issue.
Strangely it was not Theo or any of the
illustrious leaders of any project.
Unfortunately for most of you, it was a private
comment and the person involved actually knew
real things about contract law, etc. I've asked
them to make the comment public but so far they
have not (they also pointed out that it was not
legal for OpenBSD+crypto to be shipped out of
Canada prior to BXA changes so long as the crypto
originated from the USA).
If Theo or anyone else actually knew something
then they'd have ignored this just as everyone
else should. Obviously everyone thought they
knew better when in fact they knew jack shit.
In short, it meant that whilst possible to make
such changes, they would be thrown out (if ever
an attempt was made to enforce them) by any half
decent court.
I won't bother to mention that this change has
only been present in a version that was made
available for testing purposes only and was not
an actual release. Given the amount of crap you
all decided to fling my way you'll find various
other changes, from time to time, in that LICENCE
file as it suits MY needs. Maybe if you all had
not of made such asses out of yourselves I'd not
bother but the way you all think you know it all
really bothers me. This applies to people from
NetBSD and FreeBSD as well as OpenBSD.
IPFilter IS NOT and HAS NEVER been a community
project unlike what some people claim. There have
been maybe a handful of people who have actually
made any sort of significant contribution via code
and even then it's more to help themselves as much
as it is IPFilter.
Other claims such as "you don't buy back our
changes" are also a load of horse shit as I can
confidently state that (for example) changes made
by Theo to how securelevel is used within IPFilter
were NEVER posted back to me so how he expected me
to BUY BACK those is left for you to work out. I
spend enough time making it work on other
platforms and have little time to go chasing what
other changes people make. Bad enough that I had
to seek out and incorporate some changes such as
the timeout changes in OpenBSD myself. Nobody
even bothered to tell me about those and that was
months ago.
To go with all this crap, Theo even made threats
about "I'll get the press onto you" and as a
result some leper from LWR sent me an email saying
he was doing an article on licencing this week.
Threats do not scare me and I'll navigate IPFilter
as I want to, not how some lamer in Canada thinks
I should or how any other jock anywhere else wants
me to. IPFilter is *MY* project and not anyone
else's.
As you may have guessed, the attitude people took
in their email to me has really got my goat and I
care a whole lot less about a whole lot of BSD
things as a result.
p.s. if the editor removes any of that then he's
just as much of an ass as the rest of you, except
if he deletes this "p.s".
By mirabilos () on
By proof () proof at ifconfig dot net on http://ifconfig.net
I hope no relationships were severed over something this small. No one's life is at stake, right?
--Matt
... me goes back to listening to "The Sounds of Science" by the Beastie Boys
By ted () grendel@heorot.stanford.edu on mailto:grendel@heorot.stanford.edu
* Redistribution is not permitted.
but the individual files don't. so maybe it's not ok to redistribute the whole package, but individual files can be. ipf.c contains:
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
By COUDERC Damien () on
IMHO ,this is the best packet filter we can find in the world ...
But now, i see that my favorite os project is in war with my favorite packet filter ... this is really annoying.
I think that ipf made *BSD better and that *BSD help to demonstrate that ipf was better.
But now if in the future ipf cannot be included in the default install, and if it is replaced by another filter of the same level, my choice will be quickly done.
I use OpenBSD for a lot of reasons, and one of them is that i can install this os in 10min, so i don't want to lost time in installing ipf as external package.
Now why launching a war against us if you have a problem with theo ? We all know that theo is hot-tempered, but is this a good argument to put fire BSD community under fire ?
Anyway, i hope that this is only short time misunderstanding ...
COUDERC Damien
By David Xu () davidx@viasoft.com.cn on mailto:davidx@viasoft.com.cn
rely their PACKETE FILTER on one person's toy
package --- IPFILTER. fortunatly, FreeBSD has
its IPFIREWALL, I don't use IPFILTER, so I don't
care if IPFILTER will be in *BSD.
Thanks,
By Intrepid| () intrepid@pobox.com on mailto:intrepid@pobox.com
So, don't worry.
Joy. What a bloody mess.
Unfortunately, and I really mean that, Mr. Reed seems to have the legalities behind him on this. So whoever that private individual was whom he states contacted him via email to tell him this, well, they were right. Copyright law for non-visual works grants exclusive rights to the author the rights of distribution, reproduction (making copies), and derivations (modifications).
Note that by exclusive rights, I mean exclusive rights given to the author, which some may confused with the use of exclusive rights in copyright agreements, which are rights of copyrighted works wholly transferred to another--a different issue.
Anyways, more to the point. The IPFilter license does not specify the last right, the right to modify. And the author retains those rights which are not specified (the rights are exclusive and inclusive, meaning that the rights are retained unless stated otherwise).
Some of you out there may have noticed that Mr. Reed's IPFilter license did not include the frequently seen statement "All rights reserved" in his copyright notice. You may have interpreted this as a potential loophole. Under current law, you don't need that, so throw that theory out the door. He retains the right to modify, as he clarified.
So far, I've really been talking US copyright law. But notice, that unlike crypto laws, copyright laws seem to extend from the author and go country to country, taking the shortest route. iow, even if copyright law in one country may somehow allow modifications, even if those other-country-legal modifications came to the US, the author (Mr. Reed) can claim copyright violations on US soil for US participants of that other code.
Translation: This situation utterly sucks.
While I agree with Mr. Reed's copyright claim, that's all I agree with. I do not agree with the sentiments that have come out of his clarification from him, particularly on this forum. And, in my personal opinion, the community has been misled. While Mr. Reed is under no direct obligation to enlighten us (users, developers, or project leaders all) of our mistake, he certainly did know of this limitation in the license, and, most importantly, he knew that the majority of the community generally was not clear on it. Even if project leaders or developers knew, *most* people did not.
To (loudly? clearly? finally?) inform us on this late certainly doesn't make Mr. Reed a monster or what not, but to consider the whole picture, it also isn't exactly the actions of a person concerned with the community. Combine that with what this license clarification means...
What does this clarification mean? To me, it seems that that if Mr. Reed does not port the code or grants someone else permission to port the code to a particular OS and the default IPFilter code does not work on that OS (even down to the version and incremental OS updates), it violates his copyright if someone distributes code to make IPFilter work. Even if done as a patch (a derivative work is a derivative work, regardless of form--you can see more on this if you look at fan extended stories/works of TV series or movies).
It doesn't matter if Mr. Reed drops his code deliberately or not--if he passes away, if he's behind keeping up, it's still a violation. Worse, he can reassure us all day that he will continue to provide updated code to all the BSDs, and then, one day, stop doing so. If an incompatibility or security hole comes up that he does not correct or grants permission to someone to correct, we're screwed.
iow, it would appear that he controls features, code updates, security fixes, which OS it gets ported to, which version of IPFilter runs under what OS version, etc. He could, if under the current license, even play around and do favorites--maybe he decides he likes one OS better than another, so he'll update that one faster. Or feels the FreeBSD community is treating him a better, so he'll implement the latest and greatest for them first, with a large wait before seeing the changes implement in "competing" OSs.
Note that I'm not saying that these things will come to pass or that my paranoia is accurate, but we also have no concrete and definitive knowledge under the current IPFilter license that they will not.
Unless there is a change in the IPFilter license, I think an OpenIPF project may be warranted. If and until it does, in the meantime, I would urge people to politely ask Mr. Reed to change his license to save us both time and prevent a duplication of effort. IPFilter is excellent software. Just the license stinks.
P.S. Note that this is not a failing of a BSD license. IPFilter's license simply is not a BSD license--the BSD license, both the original and the one without the advertising clause, clearly grants the right to modify code.
P.S.S. Copyright extends to pseudonyms (actually, they are granted very slightly more rights than individuals) and to all posted works, even if without a copyright notice given. Funny, eh? :/
By Paulo Laureano () pls@mrnet.pt on http://pls.mrnet.pt
However I will go with whatever package OpenBSD adopts. I trust the OS package more than the ports (for obvious reasons) and the only way I would use a port (if at all available) would be for the lack of another option.
I feel sorry for all this mess...
By Roland Goetz () Goetz.R@t-online.de on http://home.t-online.de/home/Goetz.R/
Sincerely yours
Roland Goetz
By Darren Reed () on
You will all be pigleet!
By Ron J. Foster () robjamesfoster3@yahoo.com on mailto:robjamesfoster3@yahoo.com
Darren Reed: It's advisable for both our parties to come to an agreement shortly about this licensing dilemma. At this point we have two options, a license that we can use or creating our own project. I can't stress enough how the latter is a bad choice, but we'll do what we have to do; I hope you understand.
All the rude posters: Are you actually coding software, are you going to contribute to the OpenIPF effort, because if your not going to I suggest for everyone's benefit you don't give the hard working developers MORE work to do. This isn't about politics, or about who is right, or who is the bigger man, it's about being about to run a fully free and modifiable operating system at work or at home. We could have possibly dogged this bullet by being nice to Darren from that start, he may had changed the license right away for us.
Darren, I apologize for everyone that has been giving you slack recently about this situation. Your IPF is necessary one way or another to the OpenBSD effort, you have done a wonderful job coding and designing (people often forget this time consuming part), and we as a whole would like to start over with you. Please consider modifying your license asap so we can all go back to getting our work done. There are already to few hours in the day.
Rob.
By tom () tom@plantin.com on mailto:tom@plantin.com
Darren I do really apologies for all the mess here... I did not intend to start such a war, really.
Btw you have to admit that changing your license in such a way is not acceptable for those people who write code and whose project depends, for a great part, on your IPFilter. Your license is not applicable to free software projects, I'm sure you do agree.
Now the big question is : do you want, or not, your piece of software (a great piece, indeed) to take part of free software projects? I hope you do. Things must be clarified.
By Lamont Granquist () lamont@scriptkiddie.org on http://www.scriptkiddie.org/
If Theo was actually an adult he'd accept your licensing restrictions and then make a choice about weither or not to include your code in the OpenBSD project.
By Anonymous Coward () on
This leaves the following choices.
1. Start a new project or find another one.
2. Accept Darren's interpretation and work with him to allow its inclusion in OpenBSD
3. Work with lawyers to find a legal loophole that would make a fork legal.
I believe that it is quite clear that Darren perceives the license as one similar to how Microsoft allows some of its customers to view its source without conveying additional
Unfortunately the failed expectations of many have lead to many heated discussions.
By Blah () blah@[127.0.0.1] on http://localhost
From: Theo de Raadt
To: tech@cvs.openbsd.org
Subject: ipf
Precedence: bulk
sometime in the next 20 hours, i will be removing ipf from the source
tree since it does not meet our freedom requirements, as have been
outlined in policy.html and goals.html since the start of our project.
we will have to work on an alternative.
By ted () on
darren's license doesn't let you modify the software. that means you can't add a feature or fix a bug. so you can't submit patches to darren. all of the code in ipf that was submitted by contributors is illegal. they modified ipf - they broke the license. they distributed a modification - they broke the license again.
if you are going to literally read exactly what the license says, that's what it means.
darren, maybe you're still reading. hopefully you realize that all the submitted code is now illegal, by your definition. so are you going to remove it? (i think that'd be pretty stupid, but that's what your interpretation of the license would require.)
By BluNereid () on
[rr-n1-tor.opensrs.net]
Registrant:
OpenBSD
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
Domain Name: OPENIPF.ORG
Administrative Contact:
Fries, Todd todd@fries.net
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
405-715-4168
Technical Contact:
hostmaster, monkey.org hostmaster@monkey.org
PO box 2031
ann arbor, mi 48106-2031
US
734 623 0456
Billing Contact:
Fries, Todd todd@fries.net
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
405-715-4168
Record last updated on 29-May-2001.
Record expires on 25-May-2002.
Record Created on 25-May-2001.
Domain servers in listed order:
NS0.FRIES.NET 206.30.141.10
NS1.FRIES.NET 208.128.7.232
By Raymond Causton () rc at iki.fi on mailto:rc at iki.fi
First of all I'd like to extend my gratitude to you for creating my favourite firewall/filtering package for OpenBSD. Expecially I like the syntax of ipf's rules as they are the only human readable ruleset language I've found uptodate.
How I perceive this entire mess of flaming each other about the license is very childish and doesn't do any good to any party in this discussion.
I acknowledge that you have all the rights in the world to distribute your code and binaries just as you wish with the license that you wish to use.
All I'm worried about is that if (as) your license change has prompted ill actions from all *BSD projects we in the user community will be left without uptodate protection from the threats coming from the Internet.
It seems that the main concern of different *BSD projects is that they are not able to apply fixes in to their operating system as they are found because of the modification restriction in the license. It seems that this translates to the fear of what if you will not have time/interest to support operating system Y in the future and they are restricted from helping themselfs to fix possible problems because of the modification restriction.
My suggestion would be to start negotiations with the *BSD projects to settle this dispute between you and the different projects by granting such licenses to the different Open/Free/NetBSD projects that ipf may be used and modified by the projects when used in their respective *BSD operating systems. This way you retain control over the general use and modification of ipf and most likely this would give enough leeway to the different *BSD projects aswell.
I hope you read this before this dispute goes too far to be settled peacefully.
Yours Sincerely, Raymond Causton ITSec Professional
By Anonymous Coward () on
All that matters to me is IPFilter
Good, now go install and boot IPFilter.
bwahaha!
By Jason Consorti () nunya on http://www.consorti.com/jason
From what I can gather from Darren's postings here and the ipfilter mailing list, it seems that for the history of the project, Darren was himself under the impression that his license allowed use AND modification with trivial restrictions. Then, after some kind a of disagreement with Wasabi and/or OpenBSD, he got angry and wanted to find out what he can do about his project being used by other projects. After talking to a lawyer, he discovered that his license never explicitly said anything about "modify" and he decided to play that card against Wasabi and/or OpenBSD.
Read the following (in no particular order):
http://false.net/ipfilter/2001_05/0458.html
http://false.net/ipfilter/2001_05/0512.html
http://false.net/ipfilter/2001_05/0332.html
http://false.net/ipfilter/2001_05/0348.html
Don't take this as an opinion of anything that has happened; I don't know enough to form one.
By Buck Pyland () buck@bfg9000.localdomain on http://www.stlbsd.org
Summary for the mentally retarded in this issue:
1) Theo & co. should have seen this coming before including ipf in OpenBSD.
2) Darren should have made his license totally clear and unambiguous from the start.
3) Both the aforementioned persons have severe personality problems, but nothing that Prozac and a .38 caliber bullet to the head wouldn't cure.
4) Everyone else should just relax.
By RoadKiLL () on