OpenBSD Journal

No more Apache updates

Contributed by sean on from the dept.

toxa writes:

According to misc@ mailing list, apache 1.3.29 is the last release shipping with OpenBSD. There will be bugfiles only but now new releases due to new Apache Software Foundation license. New 1.3.31 is already "poisoned" with it. You can easily update httpd manually but this is strictly deprecated, because OpenBSD httpd contains numerous of security fixes and improvements.We choose rock solid security, no bleeding enge bells and whistles!

(Comments are closed)


Comments
  1. By P. Pruett (68.18.4.26) ppruett@webengr.com on

    Otay... Most everyone accepts that a web server application is necessary for most Internet servers. There have been suggestions in the past that the apache web server may be better as a port, some have said the same about sendmail thou.....Many of us have to support Apache... what do we do... get stuck with the license while complaining and campaigning to have it changed? Move on to Apache 2 which already had the license issue, and has some issues with php/mysql...?would like to see some threads on this subject because it will be in issue in months to come....

    Comments
    1. By johannes (131.130.1.143) on

      I heard about these licensing issues with the new Apache license for the first time here. Has there been any previous communication about this problem with the ASF? To me the ASF usually sounds quite sensible so perhaps one could make them change their license again to make it compatible with OpenBSD's?

      Comments
      1. By krh (207.75.181.173) on

        I understand that it's a patent license thing. The new Apache license says:

        3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

        This is unacceptable and unhealthy, like everything having to do with software patents. Except for this one section, I think the license is fine.

        The long-term solution is to revoke and forbid all software patents.

        Comments
        1. By Stephen Paskaluk (129.128.138.50) on

          This is unacceptable and unhealthy, like everything having to do with software patents. Except for this one section, I think the license is fine.

          The long-term solution is to revoke and forbid all software patents.

          I don't support what currently happens with software patents, but shouting "Software Patents are Bad" and denouncing as blasphemy anything that acknowleges their existence certainly isn't going to help.

          Comments
          1. By Anonymous Coward (65.39.93.100) on

            Software patents are a result of a bureaucratic laziness that was drawn out by lawyers into the abusive rush for privileges and monopolies that is currently very obvious. At one time, it was required that anyone submitting a patent include a working model of the patented device.This was NOT just a cute affect! it was a literal check against the filing of "semantic patents" and enforced a degree of practicality long since lost to the USPTO. As the Nation grew, and the number of patents filed also increased, this critical check on the abuse of the granting of privilege (i.e. a Patent) was dismissed on the lazy-ass basis of it having become inconvenient for the examiners. There were too many models -gasp- , and it was too hard for the patent examiner -wheez- to work with AN ACTUAL REPRESENTATION OF THE DEVICE for which the government was going to grant exclusive license - a PATENT. It was in this way that the path to granting patents WITH NO POSSIBLE PHYSICAL REPRESENTATION began. Until this ends, we are cursed by the USPTO. We are a government of checks and balances, sometimes this results in a tad bit more work for those employed by our government. Liberty - work for it!

        2. By Anonymous Coward (208.252.48.163) on

          The long-term solution is to revoke and forbid all software patents.

          That is extremely naive and short-sighted. I'm glad you're not making the laws.

      2. By Nate (209.162.224.62) on

        No, they're not sensible. They reject patches the OpenBSD team send them and are adding to the license as "protection", they think they're doing good. They are doing the opposite to what OpenBSD is.

        Comments
        1. By Paul Pruett (68.18.4.26) ppruett@webengr.com on

          yes, and this bothers me... We don't like to be hostage to a software application, however I have been using apache for about seven years now. Past exeperience shows that if we get more than twor releases or generations behind in either software or hardware, problems occur that are usually worse than biting the bullet and trying to keep at least no further behind then one generation or version... This is more a rule of thumb that has tended to be true in the IT world. For example, openbsd doesn't activily support brances more that 2 revisions back (if you are using openbsd 3.3 you really should upgrade, and trust me -that was not a fun migration). Extending that paranoia.... I would expect after a year that if the version apache is not incremented, other ports will have issues as evolution continues. http://www.apacheweek.com/issues/04-05-14 New features The following new features have been added since 1.3.29: * the source code is now licensed under the Apache License, Version 2.0 * mod_whatkilledus, mod_backtrace: New diagnostic modules which log information about child process crashes * mod_log_forensic: New module which performs "forensic" logging

          Comments
          1. By Anonymous Coward (131.202.163.30) on

            I think an Apache/Apache2 port, *and* keeping the current fork is probably the way to go (sort of like having sendmail, but allowing it to be replaced by other MTAs in ports). Obviously, it does not absolutely have to be one or the other. Right?

            Comments
            1. By MechaDragon X (205.240.34.204) mechadragonx at autocthchonia dot net on

              What about seperating Apache (and maybe other net services like ftpd) from the base##.tgz package and adding a net##.tgz package similar to the optional GPL laden comp##.tgz and non-essential games##.tgz?

              This would also have the benifit of making a base install more of a minimalist client install for those not intending to use OpenBSD in a server environment.

        2. By Anonymous Coward (64.9.107.190) on

          No, they're not sensible. They reject patches the OpenBSD team send them

          I'm not sure how this snip works. Rejecting patches from the openbsd team is perfectly acceptable and reasonable if the patches are not in line with the development path of apache.

          and are adding to the license as "protection", they think they're doing good. They are doing the opposite to what OpenBSD is.

          This is a nice and happy statement. I simply don't agree with you. Can you tell me why this license protection is in fact "the opposite to what OpenBSD is."

          Not to pick at your grammer, but that last sentence is phrased badly enough that the meaning is not entirely clear to me.

          What exactly do you think, and why do you think it?

          Comments
          1. By Anoneemus Coward (208.59.203.99) on

            Uh, if you're going to pick on a poster's grammar, you should try not to misspell any words in that sentence.

          2. By Nate (209.162.235.146) on

            They're not reasonable when they're bug fixes. They're doing to opposite to what OpenBSD is doing, was my statement really so grossly misformed that you could not understand? The OpenBSD is trying to loosen their code of stingey bothersome lawyerese, while Apache is tacking on more.

            Comments
            1. By Eric Gillingham (2002:437d:c1f2::1) sysrq@sysrq.tk on http://sysrq.tk

              Well according to a recent post on the mailing list by an apache team member the reason for the patches being rejected is that they were to openbsd specific. If that is an excuse or fact is questionable though.

            2. By Anonymous Coward (81.178.116.74) on

              Even if they are a bug fix, they still might not be acceptable, fuckwit.

    2. By krh (207.75.181.173) on

      Well, it sounds like the in-tree Apache will receive any necessary bugfixes, so unless you absolutely must have some feature introduced in later Apache releases, you shouldn't have any issues.

  2. By Paul Pruett (68.18.4.26) ppruett@webengr.com on

    http://www.gnu.org/philosophy/license-list.html#GPLIncompatibleLicensesaccording to the gnu website:"The Apache Software License, version 2.0 This is a free software license but it is incompatible with the GPL. The Apache Software License is incompatible with the GPL because it has a specific requirement that is not in the GPL: it has certain patent termination cases that the GPL does not require. (We don't think those patent termination cases are inherently a bad idea, but nonetheless they are incompatible with the GNU GPL.)"

    Comments
    1. By Anonymous Coward (68.18.4.26) on

      lol maybe time to ammend http://www.openbsd.org/policy.html

    2. By Anonymous Coward (67.70.165.2) on

      So is this going to be another case of people forking or using something else like happened with XFree86 (Linux and BSD)?

      In other words, are the Linux folks going to see this too?

  3. By Anonymous Coward (142.165.207.162) on

    Definetly time for an Apache 2 port. I know you lose the security of the modified OpenBSD Apache, but hey - its gotta be better than running Apache 2 on a less secure OS.

    Comments
    1. By Anonymous Coward (68.18.4.26) on

      That may be. The sad thing is that even using a port of Apache is giving into using an application that does not have a pure and ethical license. Security was not the only objection to updating, the patent issue had to be a reason also.

      Comments
      1. By Anonymous Coward (64.9.107.190) on

        Ok, i'm a bit confused here. The additional license clause is a simple patent sharing clause enforcing individuals and companies to play nice with eachother. I'm curious how this is "impure" or "unethical". I'm hearing alot of "this is bad" but not much "this is bad because..." Anyone care to enlighten me? -L

        Comments
        1. By mike (80.219.125.69) on

          the bsd-style license has the merit of simplicity: - give credit where credit is due, use code as you wish. - if you shoot yourself in the foot, it is your own fault. it is so simple and free that it essentially stops anyone suing or being sued based on it. the apache 1.1 license has additional clauses protecting the Apache name and all of 57 lines. the apache 2.0 license has 203 lines, the wording is in any case more *COMPLEX* and offers room for interpretation once it gets to court, remember that how you or I interpret it is irrelevant, it is meant to provide legal protection, that is the first case will provide a legal precedent of how it is *actually* interpreted. until then no one really knows...

        2. By P. Pruett (68.18.4.26) ppruett@webengr.com on

          Rather than saying pure and ethical, let just rephrase to say that it reads as not acceptable to OpenBSD Policy - okay? Perhaps to best way to explain why the new Apache license is not acceptable to the developers of OpenBSD is to read the OpenBSD Policy page. Here are two quotes direct from the OpenBSD Policy Page: "Copyright law is complex, OpenBSD policy is simple - OpenBSD strives to maintain the spirit of the original Berkeley Unix copyrights..." "The Berkeley copyright poses no restrictions on private or commercial use of the software and imposes only simple and uniform requirements for maintaining copyright notices in redistributed versions and crediting the originator of the material only in advertising...."

        3. By krh (207.75.178.217) on

          Since I spoke so vehemently against software patents above, I feel I should reply.

          I don't object to patents. I like them, when they are used as intended--that is, to give an inventor a limited amount of time in which only he can develop and profit from his invention. Software patents are not used this way.

          To illustrate my point, let me contrast three sections of the Apache 2.0 License. The first one I'd like to quote is section 4, which reads in part, "You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium." Under the Berne Convention, if I understand it correctly, a copyright holder retains all rights to his work that he does not explicitly disclaim. This sentence disclaims the right of the ASF to control reproduction and instead gives it to the users.

          The second section I'd like to quote is also from section 4c: "You must retain ... all copyright, patent, trademark, and attribution notices from the Source form of the Work." This explicitly retains one of the ASF's rights, that is, the right to be attributed as the author of Apache. Indeed, it retains the right of attribution for everyone who has contributed to Apache, not just ASF.

          The patent license clause deals in part with rights like the first example above, and then ends with the sentence, "If You institute patent litigation ... then any patent licenses granted to You under this License for that Work shall terminate." This is a threat. In more vigorous language, it says, "Our teeth are at your throat just as yours are at ours. If you try to bite us, we will bite back."

          Maybe that sentence would seem more reasonable to me if I were a cunning businessman. I'm not. I'm an academic, and I try to be a nice guy. Making threats is not nice. I don't want to play in the same sandbox as people who threaten me. Instead I'd rather go to a different sandbox and play with myself. I really would. It may not be as satisfying as playing with others, but it's much more satisfying than having sand kicked in my face.

          If software patents were used responsible and issued only for true innovations, then I wouldn't object to them. I have strong doubts that this will ever happen, and this is why I have begun to oppose software patents on principle. It's not that computer-related inventions don't deserve protection (they do)--it's that I'm not sure it's possible to reliably distinguish between those patent claims that are truly innovative, thus deserving of protection, and those that aren't. It seems to me that forbidding software patents may be the lesser of two evils, as unfortunate as it is. Similar arguments apply to other kinds of patents; but I'm not as familiar with other types of patents, so I'm more wary of saying we should forbid those.

          The other possible solution is a reform of the patent system. By "patent system" I mean the United States Patent and Trademark Office, since I'm American, and besides, we're the ones whose patent system is embarassing ourselves. But I don't have any idea where you'd begin on such a reform. The Public Patent Foundation is a good idea--but if they are correct with their estimate that half of all patents are invalid, how can we possible begin to correct the problem?

          To be honest I think it's all pretty scary. If there were an easy and working solution, I'd be for it in a heartbeat.

          Comments
          1. By Stephen Paskaluk (129.128.138.50) on

            Since I spoke so vehemently against software patents above, I feel I should reply.

            I don't object to patents. I like them, when they are used as intended--that is, to give an inventor a limited amount of time in which only he can develop and profit from his invention. Software patents are not used this way.

            snip most of a very good post

            To be honest I think it's all pretty scary. If there were an easy and working solution, I'd be for it in a heartbeat.

            You just gave a pretty much perfect summary of my thoughts on software patents, and very well stated at that. You have to admit that was a long way from your earlier statement though :)

            As far as the threat Apache is putting forward, it is not nice at all. I can see what they're trying to do, but it certainly isn't a very BSD friendly

        4. By MechaDragon X (205.240.34.204) mechadragonx at autocthonia dot net on

          Essentially, it muddles the whole distribution. OpenBSD strives to be totally BSD licensed, but the compiler is GPL and has additional restrictions beyond the BSD license. Therefore, GCC cannot be distributed in the base system without making it effectively GPL as a whole as well.

          Although individual components may have differnt licenses, in general, the whole distribution medium will be limited to the terms of it's most restrictive license. It may even possibly be conflicted by many incompatable clauses within the various softwares if such licensing schemes are included without careful consideration.

          Lastly, modifications to Apache will also fall under the terms of thier new license. Therefore, if the OpenBSD team publishes Apache with thier patches, Apache's new license will "steal" thier work and lock it away forever in a license that the developers don't agree with.

          Comments
          1. By Anonymous Coward (67.173.245.209) on

            Holy cow, Mecha Dragon X Is soooooo smart!!!!!!!! Like, Sun ships BASH which is GPL with Solaris, so that makes Solaris all GPL too!

            Comments
            1. By MechaDragon X (205.240.34.204) on

              Holy cow, Mecha Dragon X Is soooooo smart!!!!!!!! Like, Sun ships BASH which is GPL with Solaris, so that makes Solaris all GPL too!

              Learn to read.

              "Although individual components may have differnt licenses, in general, the whole distribution medium will be limited to the terms of it's most restrictive license."

              Solaris has a more restrictive license than BASH, preventing you from redisributiing the Solaris whole, including BASH. You can extract BASH if you are so inclined, then put it on a seperate medium, but you cannot redistribute the entire Solaris installtion medium containing BASH because of Sun's restrictions on the surrounding bundled components.

  4. By Anonymous Coward (138.88.213.211) on

    I hope this doesn't mean they're going to drop support for a buildable package beyond that version number. That would strike me as going a bit off the deep end.

    Comments
    1. By Jason (66.66.149.175) on

      Ports are ports, there's little concern for license there. The base system is where the new Apache licensing really hurts, and that's seemingly where it won't be permitted. I'm sure you'll find the latest and greatest Apache versions as ports/packages.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]