Re: SSH never free
Brian Ristuccia writes:
> On Sun, Oct 03, 1999 at 09:18:27PM -0600, Richard Stallman wrote:
> > It looks like that version of ssh really was free software.
> > I am surprised.
> Patent issues still make it not free for most people in the US.
For less than a year, if they use RSA plus Blowfish. Lots of people outside
the U.S. have been developing free software using RSA for a while.
ssh1 is not inherently non-free software -- the patent restrictions are
temporary and specific to a single country. (And most people in that
country don't want to contribute to ssh1 during the next year _anyway_,
because they might be prosecuted for export law violations.) ssh is
already considered non-US and non-free in Debian, so its situation can only
improve from there. :-)
I don't see that a soon-to-expire limitation in a single country (where
development generally does not occur anyway) is necessarily a reason for the
world to abandon a free codebase of a very useful and important program.
> that the older free ssh1 version probably has bugs, and the rather odious
> license on cs.hut.fi's ssh2, lsh remains a very worthwhile effort.
Sure. An alternative would be to try to fix those bugs, which is perhaps
feasible considering that the source code of all subsequent versions is
available at no cost.
It's probably straightforward to have a clean-room effort to fix known bugs
using the released versions of ssh1:
(1) Team A reads changelogs and/or makes diffs between released versions of
(2) Team A studies these to produce a high-level detailed description of each
fixed bug and the general form of the solution, without including any code.
(If a lawyer approves, perhaps Team A may be in the U.S. and send its
work out of the U.S. by paper mail.)
(3) Team B (outside the U.S., and not particularly familiar with the ssh1
source code) reads Team A's list of bugs, and implements fixes, then
posts the result on an FTP site.
(4) Team A studies the fixes and pronounces judgment on whether or not each
fix correctly repairs a particular bug. These judgments could be a list
of "Yes" or "No" and, again with the approval of a lawyer, sent back by
(5) When Team A considers Team B's work correct, the general public tests the
implementation; perhaps some other team with relevant experience and
interest in a free ssh1 also audits the result (e.g. the OpenBSD team,
if they're interested).
This is certainly a roundabout process, but allows the good parts of the
original free ssh1 code base to be preserved.
Seth David Schoen <email@example.com> | And do not say, I will study when I
http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5