OpenSSL gets the fork!

Do it now, or do it later. Better to fork it now, while we can, and its under a license we like. Cryptography is a critical part of OpenBSD, and its something thats best to play safe with. This IS the right decision -- if for no other reason that it does no harm. Also, "The Fork" will still be the same "best tool for the job" as we've been using for aeons. Now its just more controllable, and OpenBSD's cryptography core is now protected!

I believe that time has shown that Theo's decisions of what to bring in, take out, and completely exclude have proven very fruitful.

It helps create the best, most secure BSD Licenced OS around. You might not see it, but licensing is VERY important.

Why use the best tool for the job when you can throw a trantrum and fork your own?

Because you get OpenSSH, pf, and even OpenBSD itself.
I hope he keeps throwing tantrums, it makes my life and my work easier!

Why use the best tool for the job when you can throw a trantrum and fork your own?

Tantrum? You must be imagining things.

You may as well give up trying to misdirect the OpenBSD users here with facetious and rhetorical questions. We know better. Maybe someday you will too when you learn that 'free' software doesn't just mean that you don't have to pay cash for it.

Right now, it means more that you can imagine. Practice imagining something other than imaginary tantrums on the parts of others. You'll feel better for it.

Trantrum? Exactly what in that message led you to believe the person was having a tantrum?

What you be smoking, because I wanna stay away from it....

Sun's license is restrictive.

We dont like that.

We circumvent it legally.

We be happy, mon!

From my understanding, Sun wants to stop anybody that uses the code from suing them about anything ever - not just anything that stems from using their code.

If you did indeed read the entire thread, it should have been CRYSTAL clear to you. Free software means just that, FREE, without restrictions. Whether it can ever be exercised in court is entirely beside the point and rather after-the-factish.

You don't understand and therefore the other party is wrong in their opinion? What the heck.

Declaration of non-responsibility is for the intent of nonsuitability. The directly makes the code more free as MORE people contribute, there is NO STATED accepted use for the code, and there is NO OPINION granted of such uses. It does afford legal protection.

However, that is clearly and blatently different than a legally binding constraint of a license aka contract of not being able to sue for simple use.

Also, the context of the license must be taken into your opinion--Sun is a competitive company. The OBSD team/project/community is not a for capitalistic (I'm not saying there is anything wrong with capitalism, but there is a difference in how one thinks and approaches legal battles) intentions.

Thus Spake Theo:

So why even BOTHER wasting your time trying to understand what they say?

Who cares if it is legal or not! We're not going to want to go quibble in a court! We're trying to make it so simple that something can't even GO to court, because it's free and, anyone can tell that it is free because the language used to say so is SIMPLE.

Is Theo rejecting OpenSSL because they accepted this code from Sun with the new limitations? Seems to be the most correct, based on the mailing lists.

Yes, no, yes, and yes.

Sun's license imposes restrictions on the use and modification of their code. The entire OpenSSL project is not licensed under the new conditions. But the OpenSSL project has accepted such conditions in what may eventually become a core part of their software. Consequently the entire OpenSSL project, and its ensemble of source files, is not, taken together, free; it contains tainted components.

I hope, however, that OpenSSL does not fork. I hope instead that the OpenSSL developers relent and agree to remove Sun's code so long as Sun's restrictions are attached.

oh dear

a)really-openssl
b)open-openssl
c)never-see-the-sun-openssl

Oops, that might draw the lawyers

RMS does not advocate free software, so I personally don't care what he has to say about it.

Now if only we could fork all the GPL code (or other non BSD or pd licensed work).

He'd probably say:

"Take that you BSD loving bastards! You should have made everything GPLed!".

If you've never dealt with him, you wont realize how funny that it.

I don't think he'd care. Did he have anything to say about IPF?

This does have all the makings of another IPF situation.

The software was already under a not-quite free-enough license, and now they are adding additional restrictions (which are admittedly not as harsh as IPF's were).

I am a bit concerned about Theo & OpenBSD taking on another project. With the kerberos, and S/Key problems in OpenSSH, it looks like they already don't have enough people to audit and debug the software before a release.

But its even worse when you have core system componets changed out from under your feet (like ipf, and now OpenSSL) when all your worried about is troubble free operation and getting on with the rest of your life.

As far as i can see the only good thign OpenBSD has going for it is the new pf filter. the rest of the functionality can be found in NetBSD or FreeBSD without the political baggage.

Just so we are all clear, you don't like the OpenBSD team adding new features like pf , but you do, in fact, like the benefits such features give you.

Just so we are all clear.

Functionality was never the point. Secure by default and completely unrestrictive licenses was, and still is. Read the project goals if this wasn't clear to you.

If OpenBSD no longer fits your needs, so be it. Just don't criticize the OpenBSD team for actually following their project goals, just because the no longer coincide with yours.

What's the problem? AFAIK, you can still add f.ex. ipf if you so wish.

Ok. Have a nice day. Noone really cares. If you don't like it, then go use something else. You act like OpenBSD owe's you something...when in fact you most likely owe OpenBSD alot (buy any cds lately? probably not.) Neither I nor anyone else care's to hear your bitching. But back to your comment. A) have you read the sun license? or are you regurgitating bullshit from heresay? If you had read it, you would understand that is places a direct conflict with ANY free/open system, not just openbsd. B) OpenBSD isn't the only one pissed off. Sun's nasty license has cuased other conflict in the open/free world. But hey, what do you care? Have a great time installing net/freebsd over top of OpenBSD.

like OBSD's transition from IPF to PF, I am certain that the OBSD team will make a change from OSSH to ForkedSSH as seamless as possible. As far as the OBSD team changing the core system componets out from under your feet, unless you are developing application from the OSSL api, you probablly won't even notice that it has changed, just a you probably havnt noticed that boxes on your "farm" have been rooted since your busy whining, rather than updating your systems. If you don't want to be an sysadmin, then quit.

> This little stunt combined with the 6 month relese cycle and the recent OpenSSH bullshit is the straw that broke the camels back.

Oh shit 6 month release cycles! OH NOOOOOOO!
Wait, what's wrong with this? You don't like snapshots? Or you want 5+ year release cycles?

And lessee... OpenSSH bullshit - as in, "How dare they have a remote root, those free software people giving me no warranty!" Or... did you mean "Damn them for telling me to upgrade with some notice even before the exploit went public, I really hate forewarning, I want to get bent over the same time as everyone else!"


> i will no longer use or support OpenBSD either for personal use or for my customers.

Cya! You're funny.

> I wont stand for an operating system that changes from under my feet every time Theo decides to smoke the good crack that particular day of the week.

You prefer an opiate?

> A 6 month release cycle is nice if you dont have a farm of servers that constantly see use and have very small if any windows where you cna take the system down for upgrades.

Sorry, if you don't know how to run a server farm and fail over from one old machine to a new one - I can't help you understand how you should really be engineering your network more intelligently. H4> But its even worse when you have core system componets changed out from under your feet (like ipf, and now OpenSSL) when all your worried about is troubble free operation and getting on with the rest of your life.

Hmmm, pf is better than ipf; and ipf (3.0) support wasn't dropped in a big rush. Your other example OpenSSL - well, OpenSSL isn't going away, we're just not going to _add_ new ecc crap. So you are losing, what? Oh right, your argument.

> As far as i can see the only good thign OpenBSD has going for it is the new pf filter. the rest of the functionality can be found in NetBSD or FreeBSD without the political baggage.

No political baggage in NetBSD (cough), yeah - right. Go have fun with FreeBSD's security stance, damnit - where are the advisories?
http://www.freebsd.org/security/index.html seems useless to me. Hmm, code auditing? Nope. Crypto goodies? Er.. no... Solid linux emulation and SMP - hooooraY!

> I might come back to OpenBSD some day if theo gets hit bya bus and someone more sane takes over the project but its not likely.

No, please don't 'come back' - unless you seriously wise up.

You can run even UNICS Sep69 or Wollongong or whatever for us.
It's no obligation to keep systems healthy.
The releases every 6 months are made for your convenience only, because the real system is in current.
You can have as many releases as you want.
It's great job from Theo and the team to develop system this way.
If you are tired with movement you can stay even with 2.0.
You can either get mess of releases, stages, versions from others or freezed for months systems from other others.
I'll get sticked to goals of OBSD.
Bye, bye frustratus.

"This little stunt" wouldn't affect you or your supposed server farm(I doubt you have one, as you sound rather ignorant and incompetent,) one bit. OpenSSL will just go on under a different name in OpenBSD, developed by OpenBSD people instead of the OpenSSL team.

As for the release cycle, you are never required to upgrade; for myself, I prefer biannual upgrades, because I like to have bugs fixed and I like the progress of crypto in the system, but if you can't stand the downtime, then maybe you should just upgrade every other release or so? Get a clue, man.

In any case, nobody will miss you, because you're a dumbass, and dumbasses are always more than welcome to go bother somebody else. If you think the only difference between OpenBSD and other BSDs is pf, then very obviously, you're more trouble than you're worth, so why not do us the big favor of never yapping at us again about your imaginary sufferings at the hands of Evil Theo[tm]?

hahah, where do you start on this one?
ipf -> pf : they even kept the syntax!
(more than others do) *looks at Linux*

and if you don't like upgrading by releases then don't, if you don't like upgrading at all then don't, sorry to hear about your server farm, maybe you can convince your boss to get someone to admin them for you?

sorry about your camel too.

dummie

A 6 month release cycle is nice if you dont have a farm of servers that constantly see use and have very small if any windows where you cna take the system down for upgrades.

I have a farm of servers here, and there and another there and I know that the 6-month release cycle makes OS administration a breeze. Wonder why.

I might come back to OpenBSD some day if theo gets hit bya bus and someone more sane takes over the project but its not likely.

Good!

Going by what you've displayed here of your thinking skills and network administration abilities, I can tell you who is more likely to be hit by the bus. Now, put your little tinfoil thinking cap on and ponder, because it ain't Theo and you really do need to know who is more likely to get hit by a bus so that you can get on with the rest of your life.

Have a nice one!

Let me get this straight. You're bleapin whining about 6 month release cycles. That occur, relative to the software world, like clockwork. Where you have SIX (6) ENTIRE MONTHS TO PLAN DOWNTIME FOR THE NEXT RELEASE (or shift 1+ months after release for shakeout bugs).

You dislike this as opposed to every other OS that BLAM here's the gold CD, we might finalize in the next, oh, week, maybe 2, maybe 3?

Cripes, they update the software. It's secure. It works. It's free. And you still bitch and bitch. Go to Linux, Darwin, FreeBSD, NetBSD--you'll waste more time updating your bleapin farm patching holes.

Of course, you'll probably have an OBSD firewall in front of it all....

>>A 6 month release cycle is nice if you dont have a farm of servers that constantly see use

You just switch to Windows than, mate... See how you like that. That's not a release cycle, but a continues loop in the wrong direction.

>> But its even worse when you have core system componets changed out from under your feet

See previous remark.

Unfortunately, one of the troublesome clauses as I see it is:

* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.

In particular, 3.i is bad. It means that Sun no longer agrees to ignore any patent infringements you've made if you modify their code, i.e., if you change their stuff, they can sue you. And since the ability to change software is integral to the idea of open source and of free software, this is unacceptable. While I don't want to ascribe hostile motives to Sun, this has the potential to give them control over an important chunk of OpenSSL's code. Sure, ECC may not be popular now, but I expect it will be, especially for consumer electronics (e.g., cell phones). And then there will be no unencumbered ECC implementations, and we'll be screwed.

I don't know how legal this is... but somehow the statement: "if you try to sue us, you can't use any of our software" or something more restrictive... like "by knowing of this software you can't sue us for it" of course, these software can't be sold... merely the medium or let's say, you buy a tee for $80 and get a free software package in addition...

this all sounds silly, but think for a moment... it might work?

...quoting Jefferson...

Nope, the problem now is that 'OpenSSL' already
was called 'Open' like 'OpenBSD'.

The best thing is to rename the whole into
Theo* and claim Theo* as a trademark, linke
Easy does.

So we will have TheoBSD, TheoSSL, TheoIPF and
TheoSSH.

Hmm yeh sounds great!

Well Free sounds too much like it's GPLed (Free Software Foundation)... So, Free is out, what next? Maybe NETssl? :-)

In that spirit, since OpenBSD stands for Freedom, I suggest we rename OpenBSD to FreeBSD!

...err, never mind.

...how about ClosedBSD? the damn thing is supposed to be secure anyway.

I'd go something more along the lines of TransparentSSL (TransSSL).

I'm glad that someone's doing something productive about this. The rest of us here are just whining. :-)

While I agree that this is a patent covenant issue and not a copyright one, I don't think that makes it any less serious: Clause 3.i lets Sun sue you for patent infringement if you modify their code. That's bad. Forking OpenSSL is also bad, so right now I'm hoping that either Sun will change their license terms or someone will contribute unencumbered ECC code.

I suppose I wouldn't care so much if Sun's contribution had been an algorithm like IDEA that one could choose to ignore without any loss of functionality. But, while I admit to not being a crypto-industry expert, I really get the feeling that ignoring ECC will not be so simple.

Maybe I should go out and buy Husemoller or Silverman and Tate.

> as long as whatever dirty thing they're doing is profitable, they're going to do it. <br> <br> Well, duh! They're a business; anything else and they wouldn't be successful. <br> <br> I don't blame Sun for wanting to have such a license. But it's not in the community's best interest, and by rejecting their license we're applying the same selfish motives they are, just to a different end.

If, for no other reason, I support the transition to ForkedSSL (as with Pf) as a statement of and exercise in freedom. That the history of OpenBSD/OpenSSH/Pf indicates that ForkedSSL should be solid and secure is a bonus.

Personal/social/political freedom did not *have* to happen, nor (some might say) *should* it have happened, but it *did* happen. Many who read this post are able to read it because of the sacrifices being made today, and those made many years and centuries ago to secure and ensure freedom.

Similarly, software does not *have* to be free, nor *should* it be free, but it *can* be free. But of all software, it's free software that contributes to the continuing freedom so many hold dear and are willing to give their lives for.

I was going to say that "free software, in it's own small way, contributes... to freedom," but that's not really fair. Given the growing importance of, and dependence on computers and software the world over, free software can actually make a very important contribution to the overall protection of freedom.