Re: SSH never free

To: Brian Ristuccia <brianr@osiris.978.org>
Cc: Richard Stallman <rms@gnu.org>, pfaffben@msu.edu, debian-legal@lists.debian.org
Subject: Re: SSH never free
From: Seth David Schoen <schoen@loyalty.org>
Date: Mon, 4 Oct 1999 09:36:34 -0700
Message-id: <[🔎] 19991004093634.Q28766@pie.cty-alum.org>
In-reply-to: <[🔎] 19991003233440.I31895@osiris.978.org>; from Brian Ristuccia on Sun, Oct 03, 1999 at 11:34:40PM -0400
References: <199910012028.OAA28112@aztec.santafe.edu> <[🔎] 87btaisswi.fsf@pfaffben.user.msu.edu> <[🔎] 199910040318.VAA00954@aztec.santafe.edu> <[🔎] 19991003233440.I31895@osiris.978.org>

Brian Ristuccia writes:

> On Sun, Oct 03, 1999 at 09:18:27PM -0600, Richard Stallman wrote:
> > It looks like that version of ssh really was free software.
> > I am surprised.
> > 
> 
> Patent issues still make it not free for most people in the US.

For less than a year, if they use RSA plus Blowfish.  Lots of people outside
the U.S. have been developing free software using RSA for a while.

ssh1 is not inherently non-free software -- the patent restrictions are
temporary and specific to a single country.  (And most people in that
country don't want to contribute to ssh1 during the next year _anyway_,
because they might be prosecuted for export law violations.)  ssh is
already considered non-US and non-free in Debian, so its situation can only
improve from there. :-)

I don't see that a soon-to-expire limitation in a single country (where
development generally does not occur anyway) is necessarily a reason for the
world to abandon a free codebase of a very useful and important program.

> Considering
> that the older free ssh1 version probably has bugs, and the rather odious
> license on cs.hut.fi's ssh2, lsh remains a very worthwhile effort.

Sure.  An alternative would be to try to fix those bugs, which is perhaps
feasible considering that the source code of all subsequent versions is
available at no cost.

It's probably straightforward to have a clean-room effort to fix known bugs
using the released versions of ssh1:

(1) Team A reads changelogs and/or makes diffs between released versions of
    ssh1.

(2) Team A studies these to produce a high-level detailed description of each
    fixed bug and the general form of the solution, without including any code.
    (If a lawyer approves, perhaps Team A may be in the U.S. and send its
    work out of the U.S. by paper mail.)

(3) Team B (outside the U.S., and not particularly familiar with the ssh1
    source code) reads Team A's list of bugs, and implements fixes, then
    posts the result on an FTP site.

(4) Team A studies the fixes and pronounces judgment on whether or not each
    fix correctly repairs a particular bug.  These judgments could be a list
    of "Yes" or "No" and, again with the approval of a lawyer, sent back by
    paper mail.

(5) When Team A considers Team B's work correct, the general public tests the
    implementation; perhaps some other team with relevant experience and
    interest in a free ssh1 also audits the result (e.g. the OpenBSD team,
    if they're interested).

This is certainly a roundabout process, but allows the good parts of the
original free ssh1 code base to be preserved.

-- 
Seth David Schoen <schoen@loyalty.org>  | And do not say, I will study when I
     http://www.loyalty.org/~schoen/    | have leisure; for perhaps you will
     http://www.loyalty.org/   (CAF)    | not have leisure.  -- Pirke Avot 2:5

Reply to:

References:
- Re: SSH never free
  - From: Ben Pfaff <pfaffben@msu.edu>
- Re: SSH never free
  - From: Richard Stallman <rms@gnu.org>
- Re: SSH never free
  - From: Brian Ristuccia <brianr@osiris.978.org>

Prev by Date: Re: SSH never free
Next by Date: Re: SSH never free
Previous by thread: Re: SSH never free
Next by thread: Re: SSH never free
Index(es):
- Date
- Thread