[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH v2 [intent to package]

Tommi Virtanen writes ("Re: SSH v2 [intent to package]"):
>	I will package it as ssh2, make it provide /usr/sbin/ssh2d
>	etc, and the user can change the symlinks (/usr/bin/ssh) to
>	choose which version to use. That's the upstream solution..

I'd suggest not packaging it at all, since I believe that ssh 2.x may
be breaking copyright laws.

Excerpts from a post to comp.security.ssh by the BMP author,

>I took a look at the "new" bignum code of SSH 2 today.  These guys worked
>hard writing this bignum code.  Or perhaps they did not.  Perhaps the code
>isn't really new at all.

>The replaced the names of GMP functions by adding a "ssh_" or "SSH_" prefix.
>Sometimes they also replaced some variable names.  Okay, they omitted lots
>of functions and wrote a few new ones too.

>Of course, taking GPL code (or in the case of GMP, LGPL code) and modifying
>it is OK as long as you retain the FSF copyright notice.  But the SSH 2
>bignum code has stuff like this in the header:

>  Author: Somebody <somebody@ssh.fi>

>  Copyright (C) 1996-98 SSH Communications Security Oy, Espoo, Finland
>  All rights reserved.

and then he presents a side-by-side example of GMP and SSH code
showing how SSH 2 steals without attribution code from GMP.

I encourage anyone interested in ssh 2.x to check this out for themselves.

Richard W Kaszeta 			Graduate Student/Sysadmin
bofh@me.umn.edu				University of MN, ME Dept

Reply to: