Re: SSH v2 [intent to package]
Tommi Virtanen writes ("Re: SSH v2 [intent to package]"):
> I will package it as ssh2, make it provide /usr/sbin/ssh2d
> etc, and the user can change the symlinks (/usr/bin/ssh) to
> choose which version to use. That's the upstream solution..
I'd suggest not packaging it at all, since I believe that ssh 2.x may
be breaking copyright laws.
Excerpts from a post to comp.security.ssh by the BMP author,
http://x9.dejanews.com/getdoc.xp?AN=385027617&CONTEXT=904233996.1587478642&hitnum=0
>I took a look at the "new" bignum code of SSH 2 today. These guys worked
>hard writing this bignum code. Or perhaps they did not. Perhaps the code
>isn't really new at all.
>The replaced the names of GMP functions by adding a "ssh_" or "SSH_" prefix.
>Sometimes they also replaced some variable names. Okay, they omitted lots
>of functions and wrote a few new ones too.
>Of course, taking GPL code (or in the case of GMP, LGPL code) and modifying
>it is OK as long as you retain the FSF copyright notice. But the SSH 2
>bignum code has stuff like this in the header:
> Author: Somebody <somebody@ssh.fi>
> Copyright (C) 1996-98 SSH Communications Security Oy, Espoo, Finland
> All rights reserved.
and then he presents a side-by-side example of GMP and SSH code
showing how SSH 2 steals without attribution code from GMP.
I encourage anyone interested in ssh 2.x to check this out for themselves.
--
Richard W Kaszeta Graduate Student/Sysadmin
bofh@me.umn.edu University of MN, ME Dept
http://www.menet.umn.edu/~kaszeta
Reply to: