OpenBSD Journal

OpenSSL gets the fork!

Contributed by jose on from the crypto dept.

Josh Steele writes:
"In a message from Theo, sent to the misc@ mailing list:

"In such a way, by means of the slippery slope, a free software project becomes not as free, and eventually, less and less free.

Before anyone speaks up about and says "that restriction does not affect me". It does indirectly affect you. It means that some other vendor that uses this code, and subsequently ends up having a spat with Sun, ends up wasting money on legal efforts, and our entire society pays for that. My take on it, is that this is the way the legal industry ensures itself future work.

On the other hand, here in OpenBSD land we will continue to strive to make our software more and more free. We've been squishing odd license terms which contain non-free restrictions throughout the source tree for about 2 years now." "

I have truncated the message below, but you can find Theo's full message here and the whole thread on the subject in the mailing list archives. The subject of the inquiry is the donation by Sun of ECC support to the OpenSSL project. While having ECC would be very nice, at what cost do we accept such a gift?



Comments
  1. By Anonymous Coward () on

    Yay, Theo!

    Tell it like it is and fork away for freedom.

  2. By Anonymous Coward () on

    I believe what Theo is saying is right, software should be free for all of us. Programmers need it, businesses need it, everyone. It's sad to see any type of software take a turn like that.

  3. By Anonymous Coward () on

    Why use the best tool for the job when you can throw a tantrum and fork your own?

    Comments
    1. By Anonymous Coward () on

      Do it now, or do it later. Better to fork it now, while we can, and it's under a license we like. Cryptography is a critical part of OpenBSD, and it's something that's best to play safe with. This IS the right decision -- if for no other reason than that it does no harm. Also, "The Fork" will still be the same "best tool for the job" as we've been using for aeons. Now it's just more controllable, and OpenBSD's cryptography core is now protected!

      I believe that time has shown that Theo's decisions of what to bring in, take out, and completely exclude have proven very fruitful.

      It helps create the best, most secure BSD Licenced OS around. You might not see it, but licensing is VERY important.

      Comments
      1. By mirabile () on

        Full ACK. <br> <br> Hell, even pppd has become free except for the <br> chap protocol files (chap.[ch]), which might <br> become free, rewritten or removed. <br> Why not? <br> <br> It tells people to do it better. Look at Darren <br> Reed, what kind of poor person he now makes on <br> the mailing lists (though I think he makes some <br> interesting contributions, too).

        Comments
        1. By mirabile () on

          Sorry about the evil-looking post. Blame deadly,
          not me (I just followed the instructions).

    2. By Anonymous Coward () on

    3. By Anonymous Coward () on

      Why use the best tool for the job when you can throw a tantrum and fork your own?

      Because you get OpenSSH, pf, and even OpenBSD itself.
      I hope he keeps throwing tantrums, it makes my life and my work easier!

    4. By Anonymous Coward () on

      Why use the best tool for the job when you can throw a tantrum and fork your own?

      Tantrum? You must be imagining things.

      You may as well give up trying to misdirect the OpenBSD users here with facetious and rhetorical questions. We know better. Maybe someday you will too when you learn that 'free' software doesn't just mean that you don't have to pay cash for it.

      Right now, it means more that you can imagine. Practice imagining something other than imaginary tantrums on the parts of others. You'll feel better for it.

    5. By Anonymous Coward () on

      Tantrum? Exactly what in that message led you to believe the person was having a tantrum?

      What you be smoking, because I wanna stay away from it....

  4. By Anonymous Coward () on

    I read the entire thread on misc and I don't understand how Sun's verbiage that you can not sue them is any different than the wording of OpenBSD that the developers and contributors aren't responsible for anything that happens when you use their code. I think that Theo needs a new OpenBSD Journal Crack Pipe for all the rock he is smoking...

    Comments
    1. By Anonymous Coward () on

      Sun's license is restrictive.

      We don't like that.

      We circumvent it legally.

      We be happy, mon!

      Comments
      1. By Anonymous Coward () on

        The BSD license is 'restrictive'. Theo's license on the CD images is very 'restrictive', what is the issue?

        Comments
        1. By lt () on

          BSD license is restrictive? Why do you say that? I always felt that the BSD license is one of the most unrestrictive opensource licenses around.

          Can't say the same about the license on the CD images though.

          So, why do you say the BSD license is restrictive?

        2. By Anonymous Coward () on

          " license on the CD images is very 'restrictive'"

          Er... the CD images are copyrighted - I didn't notice anything about a specific -license- for the CD's.

          Please read the FAQ before posting incorrect information. Here's a link to help you out:

          http://www.openbsd.org/faq/faq3.html#ISO

          Comments
          1. By Anonymous Coward () on

            The copyright is restrictive, does that make you happy?

        3. By Anonymous Coward () on

          BSD License is basically as unrestricted as you can get without going Public-Domain...

          I LIKE GRAVY MON!

    2. By Anonymous Coward () on

      From my understanding, Sun wants to stop anybody that uses the code from suing them about anything ever - not just anything that stems from using their code.

      Comments
      1. By Anonymous Coward () on

        From my understanding, Sun wants to stop anybody that uses the code from suing them about anything ever - not just anything that stems from using their code.

        IANAL, but I don't think those types of clauses hold up...

      2. By Janne Johansson () on

        Yes, this is the point.

        You use/deploy/have ECC because it's there.
        You develop non-free code X.
        Sun steals code X.
        You want to sue Sun.
        Sun sues you back for using ECC.

        See how this leads to you getting screwed bigtime?

        It's not about using ECC per se, it's about accepting
        that Sun will make you bend over if they steal
        _your_ stuff. What the license is saying is that
        you let them do whatever they like, and if you
        want to sue, you already lost.

    3. By Anonymous Coward () on

      If you did indeed read the entire thread, it should have been CRYSTAL clear to you. Free software means just that, FREE, without restrictions. Whether it can ever be exercised in court is entirely beside the point and rather after-the-factish.

    4. By Anonymous Coward () on

      You don't understand and therefore the other party is wrong in their opinion? What the heck.

      Declaration of non-responsibility is for the intent of nonsuitability. The directly makes the code more free as MORE people contribute, there is NO STATED accepted use for the code, and there is NO OPINION granted of such uses. It does afford legal protection.

      However, that is clearly and blatantly different than a legally binding constraint of a license aka contract of not being able to sue for simple use.

      Also, the context of the license must be taken into your opinion--Sun is a competitive company. The OBSD team/project/community is not a for capitalistic (I'm not saying there is anything wrong with capitalism, but there is a difference in how one thinks and approaches legal battles) intentions.

  5. By Anonymous Coward () on

    I think someone should pay a real lawyer to interpret what Sun is saying and what changes, if any, it makes to the license provided with OpenSSL. I don't see how Theo or any of the OpenBSD team (that don't have law degrees) is actually qualified to comment on it with any real degree of accuracy. They may find it too complex to understand but if that is the case, they should get a professional opinion before going off like a raving lunatic.

    Comments
    1. By Re: Pay a real lawyer<- Not the Point () on

      Thus Spake Theo:

      So why even BOTHER wasting your time trying to understand what they say?

      Who cares if it is legal or not! We're not going to want to go quibble in a court! We're trying to make it so simple that something can't even GO to court, because it's free and, anyone can tell that it is free because the language used to say so is SIMPLE.

      Comments
      1. By Re: Pay a real lawyer<- Not the Point () on

        It would be cool if the OpenBSD project ended up employing a host of lawyers, all billing their hours at rates grossly in excess of whatever meager sustenance the actual developers derive from the project.

      2. By Re: Pay a real lawyer<- Not the Point () on

        Exactly. Don't bother with it if the community doesn't understand the language of the license(reason the BSD license is used); this takes the Lawyers(middle wo/men) out of the loop.

  6. By D Dulay () on

    After reading the thread and license verbiage, I am wondering if you have to accept this gift or would be able to avoid these license terms simply by not including Sun's code. So could someone please clarify -
    * Is Theo rejecting Sun's contribution because of its new licensing limitations?
    * Is Theo rejecting OpenSSL because the entire package now includes the restrictive Sun licensing?
    Or,
    * Is Theo rejecting OpenSSL because they accepted this code from Sun with the new limitations?
    Or possibly something else?

    Comments
    1. By Anonymous Coward () on

      Is Theo rejecting OpenSSL because they accepted this code from Sun with the new limitations? Seems to be the most correct, based on the mailing lists.

    2. By Anonymous Coward () on

      Yes, no, yes, and yes.

      Sun's license imposes restrictions on the use and modification of their code. The entire OpenSSL project is not licensed under the new conditions. But the OpenSSL project has accepted such conditions in what may eventually become a core part of their software. Consequently the entire OpenSSL project, and its ensemble of source files, is not, taken together, free; it contains tainted components.

      I hope, however, that OpenSSL does not fork. I hope instead that the OpenSSL developers relent and agree to remove Sun's code so long as Sun's restrictions are attached.

      Comments
      1. By D Dulay () on

        OK, this is starting to make more sense to me now.

        Also see Markus Friedel's excellent summary that enumerates the affected parts of OpenSSL, http://marc.theaimsgroup.com/?l=openbsd-misc&m=103286728829338&w=2

        Very disappointing.

  7. By Anonymous Coward () on

    Three Rings for the elven kings, under the sky
    Seven for the dwarf lords, in their halls of stone
    Nine for mortal men, doomed to die
    and one for the Dark Lord, on his dark throne
    in the land of Mordor, where the shadows lie

    Comments
    1. By Anonymous Coward () on

      oh dear

    2. By Anne onyme () on

      a)really-openssl
      b)open-openssl
      c)never-see-the-sun-openssl

      Comments
      1. By Miod Vallat () miod@openbsd.org on mailto:miod@openbsd.org

        None of these.
        The best name is obviously... ajarssl

        Comments
        1. By Anonymous Coward () on

          The best name is obviously... ajarssl

          oh come on, Miod. did you even give TrustedSSL, ClosedSSL, or MicroSSL a chance?

          Comments
          1. By Anonymous Coward () on

            TheOpenSSL

            Comments
            1. By Anonymous Coward () on

              th3 cr4zy w4rez!

            2. By Anonymous Coward () on

              SSLaid
              OpenSSchneLl
              TheOSSanaL
              RealOpenSSL
              ROSSL
              ROFL

              And now more serious:
              OpenSSL is already taken, that's too bad...

              Comments
              1. By Anonymous Coward () on

                You've all forgot the best possible option:

                OpenOpenSSL.

                Comments
                1. By Anonymous Coward () on

                  How about OBSDSSL? or just OSSL?

      2. By Sebastian Stark () on

        How about keeping OpenSSL and rename the old thing to "haSSLe"? or "tuSSLe"? haha... what a useless post...

        Comments
        1. By zil0g () on

          haha, i like FooSSL

          sounds like 'fossil' doesn't it?

    3. By Anonymous Coward () on

      Oops, that might draw the lawyers

      Comments
      1. By RC () on

        How about "SUN Lamps"?

        If it did get taken to court, Sun would lose, as their trademark is more general than "Windows", and Microsoft lost their fight with Lindows.

  8. By rdan () on

    Wonder what the other free soft advocate (RMS) would have to say about it...?

    Comments
    1. By Anonymous Coward () on

      RMS does not advocate free software, so I personally don't care what he has to say about it.

      Comments
      1. By Anonymous Coward () on

        theo is the rms of the bsd world.

        Comments
        1. By click46 () click46@operamail.com on www.genmay.net

          RMS is an idealist.
          theo codes.
          get it right.

          Comments
          1. By Lamont () lamont@scriptkiddie.org on http://www.scriptkiddie.org

            RMS is a c0d3r as well:

            AUTHORS
            Emacs was written by Richard Stallman and the Free Software
            Foundation. Joachim Martillo and Robert Krawitz
            added the X features.

          2. By Anonymous Coward () on

            i am right :)

            rms -> does what he thinks is right without compromise, no matter who he pisses off.

            theo -> *cough*

            Comments
            1. By fansipans () on

              >> rms -> does what he thinks is right without compromise

              precisely. and what he thinks is right is flat wrong. and commie-ish. and viral.

              Comments
              1. By Anonymous Coward () on

                i think you missed my point, theo has the same trait.

                Comments
                1. By fansipans () on

                  for the sake of context let me quote the post to which i responded:
                  i am right :)

                  rms -> does what he thinks is right without
                  compromise, no matter who he pisses off.

                  theo -> *cough*

                  theo only has the same trait to the extent that his external actions & appearance are similar. the underlying motive and intent is wildly different. you could say the same thing about hitler, stalin, pol pot, kim jong il II, just to name a few. does that mean that rms, theo, and a group of murderers share anything important? no. what does matter are their core beliefs. thug murderers want to tell you how to live your life, rms wants to tell you what to do with your software (share it, by force), theo wants to tell you THAT YOU CAN DO ANYTHING YOU WANT WITH HIS SOFTWARE. that is truly free software. closed source baby mulching machines. i have a right to enter into free contracts, others have a right to choose whichever license they see fit for their own software (it's called property!). what i DON'T have a basic, natural, eternal right to is somebody else's source code, regardless of where they got their original code base.

                  i've said it before, i'll say it again: the gpl is a virus.

                  Comments
                  1. By Anonymous Coward () on

                    uh, where did i mention the GPL? you seem to think i agree with rms and use the GPL.

                    you seem quite closed minded. we agree with each other you dickhead, seems like you just wanted to rant.

                    oh and theo doesnt look anything like rms. a few miles on a bike and a shave would do rms well.

          3. By Anonymous Coward () on

            RMS is a moron.
            Theo is not.

            (Have you read the GPL? It's not a software license, it's an anarchist manifesto.)

            Comments
            1. By Anonymous Coward () on

              You got a problem with anarchism, punk?

              Comments
              1. By Anonymous Coward () on

                Yes. Large-scale anarchism is impractical. There are, unfortunately, too many jerks to make it work. If that were not the case I might agree with you.

    2. By Anonymous Coward () on

      Now if only we could fork all the GPL code (or other non BSD or pd licensed work).

    3. By RC () on

      He'd probably say:

      "Take that you BSD loving bastards! You should have made everything GPLed!".

      If you've never dealt with him, you won't realize how funny that is.

      I don't think he'd care. Did he have anything to say about IPF?

      This does have all the makings of another IPF situation.

      The software was already under a not-quite free-enough license, and now they are adding additional restrictions (which are admittedly not as harsh as IPF's were).

      I am a bit concerned about Theo & OpenBSD taking on another project. With the kerberos, and S/Key problems in OpenSSH, it looks like they already don't have enough people to audit and debug the software before a release.

  9. By Talon () on

    This little stunt combined with the 6 month release cycle and the recent OpenSSH bullshit is the straw
    that broke the camel's back. i will no longer use or support OpenBSD either for personal use or for my customers.

    I won't stand for an operating system that changes from under my feet every time Theo decides to smoke the good crack that particular day of the week.

    A 6 month release cycle is nice if you don't have a farm of servers that constantly see use and have very small if any windows where you can take the system down for upgrades.

    But it's even worse when you have core system components changed out from under your feet (like ipf, and now OpenSSL) when all you're worried about is trouble free operation and getting on with the rest of your life.

    As far as i can see the only good thing OpenBSD has going for it is the new pf filter. the rest of the functionality can be found in NetBSD or FreeBSD without the political baggage.

    I might come back to OpenBSD some day if theo gets hit by a bus and someone more sane takes over the project but it's not likely.

    Comments
    1. By Anonymous Coward () on

      But it's even worse when you have core system components changed out from under your feet (like ipf, and now OpenSSL) when all you're worried about is trouble free operation and getting on with the rest of your life.

      As far as i can see the only good thing OpenBSD has going for it is the new pf filter. the rest of the functionality can be found in NetBSD or FreeBSD without the political baggage.


      Just so we are all clear, you don't like the OpenBSD team adding new features like pf , but you do, in fact, like the benefits such features give you.

      Just so we are all clear.

      Functionality was never the point. Secure by default and completely unrestrictive licenses was, and still is. Read the project goals if this wasn't clear to you.

      If OpenBSD no longer fits your needs, so be it. Just don't criticize the OpenBSD team for actually following their project goals, just because they no longer coincide with yours.

    2. By ftp () on

      What's the problem? AFAIK, you can still add f.ex. ipf if you so wish.

    3. By josh () selerius@codefusion.org on mailto:selerius@codefusion.org

      Ok. Have a nice day. No one really cares. If you don't like it, then go use something else. You act like OpenBSD owes you something...when in fact you most likely owe OpenBSD a lot (buy any cds lately? probably not.) Neither I nor anyone else cares to hear your bitching. But back to your comment. A) have you read the sun license? or are you regurgitating bullshit from hearsay? If you had read it, you would understand that it places a direct conflict with ANY free/open system, not just openbsd. B) OpenBSD isn't the only one pissed off. Sun's nasty license has caused other conflict in the open/free world. But hey, what do you care? Have a great time installing net/freebsd over top of OpenBSD.

    4. By Anonymous Coward () on

      like OBSD's transition from IPF to PF, I am certain that the OBSD team will make a change from OSSH to ForkedSSH as seamless as possible. As far as the OBSD team changing the core system components out from under your feet, unless you are developing applications from the OSSL api, you probably won't even notice that it has changed, just as you probably haven't noticed that boxes on your "farm" have been rooted since you're busy whining, rather than updating your systems. If you don't want to be a sysadmin, then quit.

      Comments
      1. Comments
        1. By Anonymous Coward () on

          yes, why yes I do, thanks.....

    5. By bait eater () on

      > This little stunt combined with the 6 month release cycle and the recent OpenSSH bullshit is the straw that broke the camel's back.

      Oh shit 6 month release cycles! OH NOOOOOOO!
      Wait, what's wrong with this? You don't like snapshots? Or you want 5+ year release cycles?

      And lessee... OpenSSH bullshit - as in, "How dare they have a remote root, those free software people giving me no warranty!" Or... did you mean "Damn them for telling me to upgrade with some notice even before the exploit went public, I really hate forewarning, I want to get bent over the same time as everyone else!"


      > i will no longer use or support OpenBSD either for personal use or for my customers.

      Cya! You're funny.

      > I won't stand for an operating system that changes from under my feet every time Theo decides to smoke the good crack that particular day of the week.

      You prefer an opiate?

      > A 6 month release cycle is nice if you don't have a farm of servers that constantly see use and have very small if any windows where you can take the system down for upgrades.

      Sorry, if you don't know how to run a server farm and fail over from one old machine to a new one - I can't help you understand how you should really be engineering your network more intelligently.

      > But it's even worse when you have core system components changed out from under your feet (like ipf, and now OpenSSL) when all you're worried about is trouble free operation and getting on with the rest of your life.

      Hmmm, pf is better than ipf; and ipf (3.0) support wasn't dropped in a big rush. Your other example OpenSSL - well, OpenSSL isn't going away, we're just not going to _add_ new ecc crap. So you are losing, what? Oh right, your argument.

      > As far as i can see the only good thing OpenBSD has going for it is the new pf filter. the rest of the functionality can be found in NetBSD or FreeBSD without the political baggage.

      No political baggage in NetBSD (cough), yeah - right. Go have fun with FreeBSD's security stance, damnit - where are the advisories?
      http://www.freebsd.org/security/index.html seems useless to me. Hmm, code auditing? Nope. Crypto goodies? Er.. no... Solid linux emulation and SMP - hooooraY!

      > I might come back to OpenBSD some day if theo gets hit by a bus and someone more sane takes over the project but it's not likely.

      No, please don't 'come back' - unless you seriously wise up.

      Comments
      1. By RC () on

        > Solid linux emulation and SMP - hooooraY!

        Hey now, don't go trashing SMP just cause some moron is irritating you. I happen to think that OpenBSD would get A LOT more use if it had SMP support on a few platforms (Intel, Sparc).

        I happen to know at least a dozen smaller shops that would most likely be using OpenBSD, if not for the fact that they have, or are considering getting MP systems.

    6. By Anonymous Coward () on

      You can run even UNICS Sep69 or Wollongong or whatever for us.
      It's no obligation to keep systems healthy.
      The releases every 6 months are made for your convenience only, because the real system is in current.
      You can have as many releases as you want.
      It's great job from Theo and the team to develop system this way.
      If you are tired with movement you can stay even with 2.0.
      You can either get mess of releases, stages, versions from others or freezed for months systems from other others.
      I'll get sticked to goals of OBSD.
      Bye, bye frustratus.



    7. By Nobody You'd Know () on

      "This little stunt" wouldn't affect you or your supposed server farm(I doubt you have one, as you sound rather ignorant and incompetent,) one bit. OpenSSL will just go on under a different name in OpenBSD, developed by OpenBSD people instead of the OpenSSL team.

      As for the release cycle, you are never required to upgrade; for myself, I prefer biannual upgrades, because I like to have bugs fixed and I like the progress of crypto in the system, but if you can't stand the downtime, then maybe you should just upgrade every other release or so? Get a clue, man.

      In any case, nobody will miss you, because you're a dumbass, and dumbasses are always more than welcome to go bother somebody else. If you think the only difference between OpenBSD and other BSDs is pf, then very obviously, you're more trouble than you're worth, so why not do us the big favor of never yapping at us again about your imaginary sufferings at the hands of Evil Theo[tm]?

    8. By zil0g () on

      hahah, where do you start on this one?
      ipf -> pf : they even kept the syntax!
      (more than others do) *looks at Linux*

      and if you don't like upgrading by releases then don't, if you don't like upgrading at all then don't, sorry to hear about your server farm, maybe you can convince your boss to get someone to admin them for you?

      sorry about your camel too.

      dummie

    9. By Anonymous Coward () on

      A 6 month release cycle is nice if you don't have a farm of servers that constantly see use and have very small if any windows where you can take the system down for upgrades.

      I have a farm of servers here, and there and another there and I know that the 6-month release cycle makes OS administration a breeze. Wonder why.

      I might come back to OpenBSD some day if theo gets hit by a bus and someone more sane takes over the project but it's not likely.

      Good!

      Going by what you've displayed here of your thinking skills and network administration abilities, I can tell you who is more likely to be hit by the bus. Now, put your little tinfoil thinking cap on and ponder, because it ain't Theo and you really do need to know who is more likely to get hit by a bus so that you can get on with the rest of your life.

      Have a nice one!

    10. By Anonymous Coward () on

      Let me get this straight. You're bleapin whining about 6 month release cycles. That occur, relative to the software world, like clockwork. Where you have SIX (6) ENTIRE MONTHS TO PLAN DOWNTIME FOR THE NEXT RELEASE (or shift 1+ months after release for shakeout bugs).

      You dislike this as opposed to every other OS that BLAM here's the gold CD, we might finalize in the next, oh, week, maybe 2, maybe 3?

      Cripes, they update the software. It's secure. It works. It's free. And you still bitch and bitch. Go to Linux, Darwin, FreeBSD, NetBSD--you'll waste more time updating your bleapin farm patching holes.

      Of course, you'll probably have an OBSD firewall in front of it all....

    11. By B.F. () - on -

    12. By sense less () on

      >> A 6 month release cycle is nice if you don't have a farm of servers that constantly see use

      You just switch to Windows then, mate... See how you like that. That's not a release cycle, but a continuous loop in the wrong direction.

      >> But it's even worse when you have core system components changed out from under your feet

      See previous remark.

  10. By Lamont Granquist () lamont@scriptkiddie.org on http://www.scriptkiddie.org

    IANAL, but it reads to me like Sun is doing something good here by forcing people who use this code not to sue Sun for Patent violations. Since software patents are something that I think is horrible, I'd be interested in seeing more widespread adoption of clauses like this. If the FSF had a "if you try to sue us for patent violation, you can't use any of our software" clause that would provide some protection for open source development against patent violations.

    So, I did have a pretty hard time deciphering the exact meaning of the legalese. If I'm hitting the crack pipe here, I'd be interested in knowing other people's interpretation of it...

    Comments
    1. By Anonymous Coward () on

      Unfortunately, one of the troublesome clauses as I see it is:

      * provided that such covenant shall not apply:
      * 1) for code that a licensee deletes from the ECC Code;
      * 2) separates from the ECC Code; or
      * 3) for infringements caused by:
      * i) the modification of the ECC Code or
      * ii) the combination of the ECC Code with other software or
      * devices where such combination causes the infringement.

      In particular, 3.i is bad. It means that Sun no longer agrees to ignore any patent infringements you've made if you modify their code, i.e., if you change their stuff, they can sue you. And since the ability to change software is integral to the idea of open source and of free software, this is unacceptable. While I don't want to ascribe hostile motives to Sun, this has the potential to give them control over an important chunk of OpenSSL's code. Sure, ECC may not be popular now, but I expect it will be, especially for consumer electronics (e.g., cell phones). And then there will be no unencumbered ECC implementations, and we'll be screwed.

    2. By Phoenix () phoenix@dominion.ch on mailto:phoenix@dominion.ch

      I don't know how legal this is... but somehow the statement: "if you try to sue us, you can't use any of our software" or something more restrictive... like "by knowing of this software you can't sue us for it" of course, these software can't be sold... merely the medium or let's say, you buy a tee for $80 and get a free software package in addition...

      this all sounds silly, but think for a moment... it might work?

      Comments
      1. By Anonymous Coward () on

        Actually, that's a lot like what Sun is trying to do. If you try to sue them, you're in violation of their license, so you can't run their code anymore. Furthermore, your more restrictive idea ("By knowing of this software you can't sue us for it") won't work, because both parties to a contract must agree to it, or else it's invalid (This is why most software licenses say that, by running the software, you agree to their terms).

        The real solution is to have a community of people--like the OpenBSD community--who care about licenses.

  11. By Anonymous Coward () on

    "They that can give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety". - Ben Franklin

  12. By Anonymous Coward () on

    I recommend FreeSSL as the name of the new, forked version of OpenSSL. It helps get the point across that it is Freedom that is important, not just the openness of the source code. Lots of "Open Source" code is out there that, while available to be looked at, is just not Free. Freedom is one of OpenBSD's stated goals.

    OpenBSD just keeps getting better and better. First it added all the crypto and IPv6 and IPSEC support. Then a truly free OpenSSH. Then a vastly superior ip filter, "pf". Then Apache gets chrooted like it always should have been. Now FreeSSL is in the works. I'm stoked. I've been on this ride since 2.6, and I don't regret a single minute.

    Go team go!

    Comments
    1. By TheoFan () on

      Nope, the problem now is that 'OpenSSL' already
      was called 'Open' like 'OpenBSD'.

      The best thing is to rename the whole into
      Theo* and claim Theo* as a trademark, like
      Easy does.

      So we will have TheoBSD, TheoSSL, TheoIPF and
      TheoSSH.

      Hmm yeh sounds great!

    2. By RC () on

      Well Free sounds too much like it's GPLed (Free Software Foundation)... So, Free is out, what next? Maybe NETssl? :-)

    3. By Anonymous Coward () nobody@bogus.com on mailto:nobody@bogus.com

      In that spirit, since OpenBSD stands for Freedom, I suggest we rename OpenBSD to FreeBSD!

      ...err, never mind.

      ...how about ClosedBSD? the damn thing is supposed to be secure anyway.

    4. By Anonymous Coward () on

      I'd go something more along the lines of TransparentSSL (TransSSL).

  13. By Chris () cwareham@btinternet.com on http://www.btinternet.com/~cwareham/

    I pointed out the OpenBSD concerns on the NetBSD security list, and later summarised the points being made by Theo and others. The subsequent debate highlighted the fact that this is not a copyright issue, but a patent covenant one, and that Theo et al. had misunderstood the purpose of Sun's comments.

    The hope is that the Sun code will be moved into a dedicated directory, as has been done with the problematic IDEA code. Then the code can be omitted when building binary packages for release. The source can be shipped with the offending code, and the end user can recompile OpenSSL to add it back in if the patent covenant is not an issue for them.

    Chris

    Comments
    1. By Anonymous Coward () on

      I'm glad that someone's doing something productive about this. The rest of us here are just whining. :-)

      While I agree that this is a patent covenant issue and not a copyright one, I don't think that makes it any less serious: Clause 3.i lets Sun sue you for patent infringement if you modify their code. That's bad. Forking OpenSSL is also bad, so right now I'm hoping that either Sun will change their license terms or someone will contribute unencumbered ECC code.

      I suppose I wouldn't care so much if Sun's contribution had been an algorithm like IDEA that one could choose to ignore without any loss of functionality. But, while I admit to not being a crypto-industry expert, I really get the feeling that ignoring ECC will not be so simple.

      Maybe I should go out and buy Husemoller or Silverman and Tate.

  14. By knomevol () knomevol@sanctuary.prv on mailto:knomevol@sanctuary.prv

    how precious a thing is freedom? so very so that men would risk their mortality defending it?

    do not forsake the preciousness of the freedom required to be able to build and operate openbsd. if we were in china, we'd be in jail for using it - and theo, he'd have a bullet in the back of his head.

    regardless of how insignificant any corporate-license-rhetoric may appear, once it has placed its apparently innocuous self into the system it grows like a cancer. corporate greed doesn't care how clean your water is, or how unbreathable the air is, or how secure your computing is (listening microsoft? we know...) as long as whatever dirty thing they're doing is profitable, they're going to do it.

    the act of computing is the act of leveraging your ideas. think freely my friends. take heart that theo is willing to place his world-wide-reputation on the line for the security of your ideas.

    i believe theo has made a wise choice.

    Comments
    1. By Anonymous Coward () on

      > as long as whatever dirty thing they're doing is profitable, they're going to do it.

      Well, duh! They're a business; anything else and they wouldn't be successful.

      I don't blame Sun for wanting to have such a license. But it's not in the community's best interest, and by rejecting their license we're applying the same selfish motives they are, just to a different end.

    2. By Bad Skater () on

      If, for no other reason, I support the transition to ForkedSSL (as with Pf) as a statement of and exercise in freedom. That the history of OpenBSD/OpenSSH/Pf indicates that ForkedSSL should be solid and secure is a bonus.

      Personal/social/political freedom did not *have* to happen, nor (some might say) *should* it have happened, but it *did* happen. Many who read this post are able to read it because of the sacrifices being made today, and those made many years and centuries ago to secure and ensure freedom.

      Similarly, software does not *have* to be free, nor *should* it be free, but it *can* be free. But of all software, it's free software that contributes to the continuing freedom so many hold dear and are willing to give their lives for.

      I was going to say that "free software, in its own small way, contributes... to freedom," but that's not really fair. Given the growing importance of, and dependence on computers and software the world over, free software can actually make a very important contribution to the overall protection of freedom.

  15. By technofiend () on

    If the PF re-write is any indication of what can happen, I say go for it, Theo.

    Frankly, the OpenSSL code is more than a little ugly, a clean-sheet redesign, including an unencumbered elliptical implementation is just the thing we need.

  16. By B.F. () - on -

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]