DB design document

Jean-David Beyer jdbeyer@exit109.com
Sat, 16 Dec 2000 10:19:46 -0500 

Rob Browning wrote (in part):
> 
> Steve Greenland <steveg@moregruel.net> writes (also in part):
> 
> Agreed.  Basically, the point was that we take the FSF, the GPL, and
> free-software very seriously here, so we're not going to skimp on the
> details, and I'm glad you brought this up.  I hadn't realized there
> was a licensing issue with OpenSSH, so that'll be good to keep in
> mind.

Can someone cite the licensing issues? If I look at the README with
openssh-2.1.1p1, all it says on the subject is:

"This is the port of OpenBSD's excellent OpenSSH to Linux and other
Unices.

"OpenSSH is based on the last free version of Tatu Ylonen's SSH with
all patent-encumbered algorithms removed (to external libraries), all
known security bugs fixed, new features reintroduced and many other
clean-ups. More information about SSH itself can be found in the file
README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
homepage at http://www.openssh.com/"

Looking further, I find nothing about licensing in README.Ylonen or
README.openssh2.

In the file COPYING.Ylonen it is stated as follows:

"COPYING POLICY AND OTHER LEGAL ISSUES

"As far as I am concerned, the code I have written for this software
can be used freely for any purpose.  Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell".

"However, I am not implying to give any licenses to any patents or
copyrights held by third parties, and the software includes parts that
are not under my direct control.  As far as I know, all included
source code is used in accordance with the relevant license agreements
and can be used freely for any purpose (the GNU license being the most
restrictive); see below for details.

[ RSA is no longer included. ]
[ IDEA is no longer included. ]
[ DES is now external. ]
[ GMP is now external. No more GNU licence. ]
[ Zlib is now external. ]
[ The make-ssh-known-hosts script is no longer included. ]
[ TSS has been removed. ]
[ MD5 is now external. ]
[ RC4 support has been removed (RC4 is used internally for arc4random).
]
[ Blowfish is now external. ]

"The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments in the file indicate it may be used for any purpose without
restrictions.

"The 32-bit CRC compensation attack detector in deattack.c was
contributed by CORE SDI S.A. under a BSD-style license. See
http://www.core-sdi.com/english/ssh/ for details.

"Note that any information and cryptographic algorithms used in this
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office worldwide.  More
information can be found e.g. at "http://www.cs.hut.fi/crypto".

"The legal status of this program is some combination of all these
permissions and restrictions.  Use only at your own responsibility.
You will be responsible for any legal consequences yourself; I am not
making any claims whether possessing or using this is legal or not in
your country, and I am not taking any responsibility on your behalf."


-- 
 .~.  Jean-David Beyer           Registered Linux User 85642.
 /V\                             Registered Machine    73926.
/( )\ Shrewsbury, New Jersey
^^-^^ 10:05am up 11 days, 18:53, 2 users, load average: 2.16, 2.16, 2.12