Re: SSH never free
[Note: I'm moving this to the debian-legal list.]
Richard Stallman <rms@gnu.org> writes:
> I am pretty sure that SSH was never free software. Could you show me
> the license on the version that they started with?
I don't know what version they started with. However, the COPYING
file included with ssh-1.2.0 has the following license information.
Note from below that ssh actually uses some FSF-owned GPL'd libraries.
This file is part of the ssh software, Copyright (c) 1995 Tatu Ylonen, Finland
COPYING POLICY AND OTHER LEGAL ISSUES
As far as I am concerned, the code I have written for this software
can be used freely for any purpose. Any derived versions of this
software must be clearly marked as such, and if the derived work is
incompatible with the protocol description in the RFC file, it must be
called by a name other than "ssh" or "Secure Shell".
However, I am not implying to give any licenses to any patents or
copyrights held by third parties, and the software includes parts that
are not under my direct control. As far as I know, all included
source code is used in accordance with the relevant license
agreements; see below for details.
The RSA algorithm and even the concept of public key encryption are
claimed to patented in the United States. These patents may interfere
with your right to use this software. It is possible to compile the
software using the RSAREF2 library by giving --with-rsaref on the
configure command line. This may or may not make it legal to use this
software for non-commercial purposes in the United States (I have sent
a query about this to RSADSI (on July 10, 1995), but have not received
any response yet). The RSAREF2 distribution is not included in this
distribution, but can be obtained from almost any ftp site worldwide
containing cryptographic materials. Using RSAREF is not recommended
outside the United States.
The IDEA algorithm is claimed to be patented in the United States and
several other countries. I have been told by Ascom-Tech (the patent
holder) that IDEA can be used freely for non-commercial use. A copy
of their letter is at the end.
The DES implementation in this distribution is derived from the libdes
library by Eric Young <eay@mincom.oz.au>. It can be used under the
Gnu General Public License (libdes-COPYING) or the Artistic License
(libdes-ARTISTIC), at your option. See libdes-README for more
information. Eric Young has kindly given permission to distribute the
derived version under these terms. The file crypt.c is fcrypt.c from
SSLeay-0.4.3a by Eric Young; he permits free use.
The GNU Multiple Precision Library, included in this release and
linked into the executable, is distributed under the GNU General
Public License. A copy can be found in gmp-1.3.2/COPYING.
The make-ssh-known-hosts script is distributed under the GNU General
Public License. A copy can be found in gnu-COPYING-GPL.
Some files, such as memmove.c and random.c, are owned by the Regents
of the University of California, but can be freely used and
distributed. License terms are included in the affected files. The
file scp.c is derived from code owned by the Regents of the University
of California, and can be used freely.
The TSS encryption algorithm implementation in tss.c is copyright Timo
Rinne and Cirion Oy. It is used with permission, and permission has
been given for anyone to use it for any purpose as part of ssh.
The MD5 implementation in md5.c was taken from PGP and is due to Colin
Plumb. Comments in the file indicate that it is in the public domain.
The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments in the file indicate it may be used as desired without
restrictions.
Reply to: