IP Filter : update of license

Posted 24 May 2001 at 16:23 UTC by adulau

IP Filter, a packet filter for *BSD and multiple Un*x systems, has changed its license to require approval from the author to make derivative works. IP Filter is included in the OpenBSD kernel and should be compatible with a BSD-style license?

There are multiple problems with this new clause (the "+" part):

/* * Copyright (C) 1993-2001 by Darren Reed. * * The author accepts no responsibility for the use of this software and * provides it on an ``as is'' basis without express or implied warranty. * Redistribution and use in source and binary forms are permitted * provided that this notice is preserved and due credit is given * to the original author and the contributors. + * Yes, this means that derivitive or modified works are not permitted + * without the author's prior consent. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of
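
Review bot: the two added lines (the "+" lines beginning "Yes, this means") are worded as a gloss on the preceding sentence, but that sentence only grants "Redistribution and use in source and binary forms" and says nothing about modification either way, so the restriction does not follow from it as written. State the terms for derivative or modified works as their own sentence in the grant, and correct the spelling "derivitive".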

  • This clause will cause trouble for including new code in *BSD (IP Filter is included by default in multiple *BSDs).

  • This extension to Berkeley-style licensing is no longer compatible with the Open Source Definition (clause #3).

  • A lot of hardware uses IP Filter as a packet filtering solution; is this the end of that kind of thing?

The modification came after a lot of releases under the Berkeley-style license. It could be possible to make a fork just before 3.4.17 and continue releasing under the standard Berkeley license (v2 without the adverts to be compatible with GPL).

What do you think of that? Do we need to start a forked tree of the source code of IP Filter?


    See the whole story (or at least more of it), posted 24 May 2001 at 20:37 UTC by mnot » (Journeyer)

    at the thread starting here.

    What you've recapped here is misleading; Darren states that he hasn't changed the license, merely clarified it. The real story seems to be that a bunch of *BSD's used the software without carefully evaluating the license.

    Personally, I agree with his approach - this is security software, and multiple derivatives could cause major problems.

    Licenses-a-gogo, posted 24 May 2001 at 20:44 UTC by logic » (Journeyer)

    I just downloaded http://coombs.anu.edu.au/~avalon/ipf34-current.tgz and took a look at it, since that's what was being debated, and saw:

    /*
     * Copyright (C) 1993-2001 by Darren Reed.
     *
     * The author accepts no responsibility for the use of this software and
     * provides it on an ``as is'' basis without express or implied warranty.
     *
     * This software is may only be used on Sun Solaris platforms.
     */

    This is different than the diff posted, in that this license restricts use (using pretty poor English) solely to Solaris platforms. However, we can compare that diff to the original license for 3.4.17, which was:

    /*
     * Copyright (C) 1993-2000 by Darren Reed.
     *
     * The author accepts no responsibility for the use of this software and
     * provides it on an ``as is'' basis without express or implied warranty.
     *
     * Redistribution and use in source and binary forms are permitted
     * provided that this notice is preserved and due credit is given
     * to the original author and the contributors.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     *
     * I hate legaleese, don't you ?
     */

    My translation of the above is that:

    • There is no warranty. If it breaks, you get to keep both pieces.
    • You may redistribute and use source and binary forms of the package as long as you preserve the notice and credit the authors.

    Following the djb reasoning regarding software law, this implies that you can distribute the package in its original form, and a binary of the package, and there should be nothing preventing you from distributing patches. However, unless you stretch the meaning of "use of source code", it doesn't look like there was ever the right to redistribute modified versions granted.

    IANAL, this is not legal advice, and you should refer to your attorney for legal guidance.

    What does use mean?, posted 24 May 2001 at 22:48 UTC by jmg » (Master)

    The term use is not defined in the license. Since it is not defined explicitly I guess that means you can take any definition in the dictionary for it. After looking at Merriam-Webster's definition for use[2, verb], the only two definitions that I see applicable are: 2 : to put into action or service : avail oneself of : EMPLOY and 4 : to carry out a purpose or action by means of : UTILIZE. So, if I've created a piece of software, and I include part of his code, am I not UTILIZING the source? Didn't he give me the right to use the source in the "Redistribution and use in source and binary forms are permitted" clause of the license? Isn't the only condition to this clause: "provided that this notice is preserved and due credit is given to the original author and the contributors." He did not restrict how you were able to use the source code. He probably thought that use implied compiling the software, but that's only how the user uses the source. If another developer uses the source in his program, he is using it.

    Don't licenses suck? KISS applies to licenses too.

    As for the security argument, I don't buy it. Sure it's important to have stable software, but why limit the scope? Ideally all software is security software no matter how you look at it. Even your email client is security software. It takes input from an unknown source (other people) and acts upon it.

    Re: What does use mean?, posted 25 May 2001 at 02:30 UTC by Radagast » (Journeyer)

    jmg: This sort of stuff won't get you anywhere. I'm betting "use" as opposed to "modification" is very clearly defined by IP case history. Unless "modification" is the IP's primary use (I can think of some very few types of IP where this would be the case, but this isn't one of them), then this doesn't fly.

    Basically, this seems to be a huge problem for BSD in general. A central (and very, very nice) piece of the BSD code is non-free and nonmodifiable. While I like the BSDs codewise, BSD people have traditionally been extremely lax about licensing issues, refusing to take part in legalistic discussions. I guess this sort of mess is what results.

    LWN summary, posted 25 May 2001 at 08:04 UTC by ber » (Master)

    LWN also carries a short summary on the topic: http://lwn.net/2001/0524/

    I agree that the word "use" for source in common Free Software sense includes the right to distribute modified versions.

    I am not sure how intertwined IP Filter is with *BSD code but it might render operating systems including it non-free which is not good. The OpenBSD people seem to be aware of this which raises hope that they solve this problem and even pay more attention to the licenses.

    On the side of publishing modified versions the FSF does not see a problem with user confusion as you can see from the third paragraph of this GNU GPL FAQ: Why does the GPL permit users to publish their modified versions?

    Re: What does use mean?, posted 25 May 2001 at 21:22 UTC by jmg » (Master)

    Radagast: Ahh, sure, but what if you don't modify the file and link it in with your program? It's still not what he intended/wants from the license. Does this cover releasing patches and not releasing the modified files?

    As for ipfilter being a central part of BSD, I'd have to disagree with that. FreeBSD makes almost no use of ipfilter. Heck, we have problems getting Darren Reed to fix bugs and import newer versions of his code that work. It isn't compiled by default, and most people recommend that people use ipfw instead of ipfilter.

    At least one thing about Darren's license is that it doesn't restrict the license that the other software is linked with.

    some misunderstandings, posted 26 May 2001 at 08:37 UTC by samth » (Journeyer)

    Just to correct a few statements made here.

    logic: there should be nothing preventing you from distributing patches

    This is true only to the extent that the patches are not a derived work of the original program. In Galoob, the case DJB discusses, the program allowed you to alter the original program (to give yourself more lives, etc). The court specifically distinguishes this from other cases where the defendant had replaced the original work. So distributing patches is very much a grey area.

    I'm betting "use" as opposed to "modification" is very clearly defined by IP case history.

    While I agree that in this case, the term "use" does not include modification, the distinction is not always clear cut. For example, the term fair use applies to modifications. So while ber is most likely wrong in interpreting the term use to include publishing derived works (esp. since use is not an exclusive right, but making derived works is), the conditions can be complex.

    IPFilter not the only BSD firewall, posted 26 May 2001 at 17:44 UTC by nik » (Master)

    It's worth everybody remembering that IPFilter is not the only firewall option available to BSD users. FreeBSD, at least (can't speak for NetBSD or OpenBSD, I don't use them) also ships a very capable firewall implementation in the shape of ipfw.

    IPFilter is maintained in the FreeBSD src/contrib tree, for third party contributed applications. As far as I can tell, its main benefit over ipfw is that IPFilter runs on multiple operating systems, making your firewall rules more portable between operating systems. If that's not an issue for you then ipfw is more than up to the task.

    Of course, there are commercial firewalls available as well.

    The license change again, posted 28 May 2001 at 07:28 UTC by adulau » (Journeyer)

    I just picked the current one and now it is:

    /*
     * Copyright (C) 1993-2001 by Darren Reed.
     *
     * The author accepts no responsibility for the use of this software and
     * provides it on an ``as is'' basis without express or implied warranty.
     *
     * Redistribution is not permitted.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     *
     * Ias that :
     */

    It was that:

    /*
     * Copyright (C) 1993-2000 by Darren Reed.
     *
     * The author accepts no responsibility for the use of this software and
     * provides it on an ``as is'' basis without express or implied warranty.
     *
     * Redistribution and use in source and binary forms are permitted
     * provided that this notice is preserved and due credit is given
     * to the original author and the contributors.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     *
     * I hate legaleese, don't you ?
     */

    He changed the redistribution part by not allowing redistribution....

    Have I just gone crazy, or is it a flip-flop licensing model?

    "use" and modifications, posted 28 May 2001 at 14:38 UTC by Raphael » (Master)

    I do not know if a court would have the same interpretation, but to me, being allowed to use the source code means that I could use the (unmodified) source code in a new project, thereby creating a "derivative work". The recent change in the license forbids that, but this is a new restriction that was not in the original license.

    Also, even if it is a borderline case, I could use most of the source code in a new project that contains all of the original files, except for one file that is replaced by a new file that I wrote from scratch. That new file would be compatible with the old one and provide new features. I could claim that I have simply used (parts of) the original code without modifying it. Yet that would allow me to create a modified version of the whole project. Again, I do not know how a court would react, but I doubt that the situation is as clear as the author claims.

    By the way, this discussion is on Slashdot now...

    Another comment: the most recent change in the license ("Redistribution is not permitted.") applies to the current beta version, but will probably be changed when the next stable version is released.

    Re: IPFilter not the only BSD firewall, posted 29 May 2001 at 14:45 UTC by matt » (Journeyer)

    Last time I used FreeBSD, the difference between ipf and ipfw was that ipfw was not stateful.

    Has this changed?

    Stateful rules with ipfw, posted 29 May 2001 at 20:48 UTC by dreier » (Journeyer)

    matt: Yes, ipfw in FreeBSD does support stateful rules. An example is the following:

    check-state
    deny tcp from any to any established
    allow tcp from my-net to any setup keep-state
    

    According to the ipfw man page, "Stateful extensions were introduced in FreeBSD 4.0."
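
A small Python model of how the three rules quoted above evaluate packets, added here as an illustration; it is not dreier's code and not ipfw's implementation. The `Packet` fields, the 192.0.2.0/24 stand-in for `my-net` and the sample packets are constructed, state timeouts are not modelled, and a default-deny final rule is assumed.

```python
# Simplified model of the quoted ruleset; not ipfw's real implementation.
# Assumptions: my-net is 192.0.2.0/24 (constructed), dynamic rules never
# expire, and the final default rule denies.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MY_NET = ip_network("192.0.2.0/24")  # constructed stand-in for "my-net"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

def flow_key(p):
    # A dynamic rule matches both directions of a flow, so the key is the
    # unordered pair of endpoints.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class Firewall:
    def __init__(self):
        self.dynamic = set()  # flows installed by keep-state

    def filter(self, p):
        # check-state: a packet belonging to a known flow is accepted here.
        if flow_key(p) in self.dynamic:
            return "allow (check-state)"
        # deny tcp from any to any established: ACK or RST set, no state.
        if p.flags & {"ACK", "RST"}:
            return "deny (established, no state)"
        # allow tcp from my-net to any setup keep-state: SYN without ACK.
        if ("SYN" in p.flags and "ACK" not in p.flags
                and ip_address(p.src) in MY_NET):
            self.dynamic.add(flow_key(p))
            return "allow (setup, state created)"
        return "deny (default)"

def run_sample():
    # Constructed packets: a stray ACK, an outbound connection and its
    # reply, then an unsolicited inbound SYN.
    inside, outside = "192.0.2.10", "198.51.100.7"
    packets = [
        Packet(outside, 80, inside, 40000, frozenset({"ACK"})),
        Packet(inside, 40000, outside, 80, frozenset({"SYN"})),
        Packet(outside, 80, inside, 40000, frozenset({"SYN", "ACK"})),
        Packet(outside, 5555, inside, 22, frozenset({"SYN"})),
    ]
    fw = Firewall()
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The same ACK-bearing packet from outside is denied before the connection exists and accepted once the outbound SYN has created state, which is the difference between these rules and a stateless `established` match.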

    Re: The license change again, posted 29 May 2001 at 21:41 UTC by jmg » (Master)

    If you read the /. comments, the license change only applies to test releases. This is so that OpenBSD can't abuse WIP IPFilter code. We'll have to wait until the next full release of the source code to find out what archaic license he'll decide to go with.

    /me is glad he's never used ipfilter.

    This is really sad, posted 30 May 2001 at 01:34 UTC by LaForge » (Master)

    As one of the netfilter/iptables developers, I really have to admit that this license change makes me really, really sad.

    I really don't care about any OS wars and about which firewalling implementation is better or not.

    But I do care about freedom, very similar to RMS' definition of freedom. And as it looks, we have lost the second big free packet filtering system on this planet.

    Removing the right to distribute patches and/or modified versions of the code is a SEVERE restriction to everybody's freedom.

    I can only hope that the respective FreeBSD colleagues will change their mind again, fighting for freedom in software.

    Theo de Raadt speaks, posted 30 May 2001 at 04:14 UTC by Radagast » (Journeyer)

    From openbsd-tech:

    ---
    Date: Tue, 29 May 2001 19:13:11 -0600
    From: Theo de Raadt <deraadt@cvs.openbsd.org>
    Subject: ipf

    sometime in the next 20 hours, i will be removing ipf from the source tree since it does not meet our freedom requirements, as have been outlined in policy.html and goals.html since the start of our project.

    we will have to work on an alternative.
    ---

    We should applaud the OpenBSD developers for sticking to their principles and not using a piece of non-free software just because it's convenient or useful.

    Re: This is really sad, posted 30 May 2001 at 22:35 UTC by jmg » (Master)

    LaForge: Have FreeBSD change their mind about what? Including ipfilter with FreeBSD? Have you even done a search for ipfilter on www.freebsd.org? There is NO documentation on FreeBSD's website on how to use ipfilter. It doesn't even contain instructions for how to compile/load ipfilter. There is no mention of it in the doc or tutorial section of the website. I don't know about you, but in my opinion, this pretty much means it isn't an actively supported part of FreeBSD.

    It was so bad that at one point (I think) we had over a year old copy of ipfilter (multiple versions out of date). This includes the fact that Darren Reed himself has commit privileges to the FreeBSD source tree. So, it's not like he can claim that someone on the FreeBSD project hasn't gotten around to importing it.

    Re^2: This is really sad, posted 31 May 2001 at 04:07 UTC by LaForge » (Master)

    jmg: Of course I meant OpenBSD. This is embarrassing. No idea how this came to my mind while writing the reply.

    Of course I am aware that FreeBSD has ipfw, and has recently extended it to do state tracking.

    Anyway, to get back on-topic: Theo seems to have drawn the only reasonable consequence: IPFilter has been removed from the OpenBSD CVS tree.

    As unfortunate as the current situation is, I'm glad that people _do_ care about freedom, before making 'practical' or 'convenient' choices.

    Possible solution, posted 2 Jun 2001 at 09:49 UTC by adulau » (Journeyer)

    I have just sent a mail to the IP Filter mailing list (cc to Darren Reed & Theo Deraadt).

    Hope this could be a solution:

    -----

    Date: Sat, 2 Jun 2001 11:49:06 +0200 (CEST)
    From: adulau-ipfilter@colorado.g-inter.net
    To: ipfilter@coombs.anu.edu.au
    Cc: darrenr@pobox.com, deraadt@theos.com
    Subject: Possible solution for the license trouble of IP Filter
    
    

    Dear All,

    A possible solution to the license trouble can be found; the same trouble has been solved in the past with the tcp_wrapper program of Wietse Venema.

    quote:

    After a lengthy (and "fun") discussion with Theo de Raadt, Wietse Venema updated his license. It is now:

    * Redistribution and use in source and binary forms, with or without
    * modification, are permitted provided that this entire copyright notice
    * is duplicated in all such copies.

    (ftp://ftp.porcupine.org/pub/security/tcp_wrappers_license)

    As you can see, it added the "with or without modification" clause. tcp_wrappers now matches the goals of free open source.

    For the full article: http://bsdtoday.com/2001/June/Features496.html

    Is it possible to find a solution with the same trick?

    Thanks a lot for all the good work.

    Adulau

    A happy ending (for OpenBSD at least), posted 27 Jun 2001 at 22:54 UTC by matt » (Journeyer)

    Well, it seems that OpenBSD is going to do just fine. The commits are flying on our shiny new packet filter, pf, written by Daniel Hartmeier. And it's licensed under two-clause BSD.
