Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
The Internet Operating Systems BSD

IPFilter Clarification 106

Posted by Hemos from the following-the-trail-of-events dept.
Joe Wanker writes "Darren Reed has posted some clarification on the IPFilter license hoopla. Specifically, counter-smacks Theo for the pile of bad press, states that threats don't do anyone any good, says he expects further releases to continue to contain the same licnese, and mentions that he is working with various core teams of important projects to make things work for everyone."
This discussion has been archived. No new comments can be posted.

IPFilter Clarification More

IPFilter Clarification

Comments Filter:

  • Re:So what. (Score:1)

    by Anonymous Coward
    We knew for a long time what Dr McKusick's plans where for the Soft Updates license. Specifically, it was long known that "softdeps will be BSDL'd when ready".

    With IPFilter we have a slightly different problem. It's much like someone grabbing ahold of the carpet you are standing on and pulling. It was widely believed that the license meant one thing, when in the author's mind, it meant something else. Darren felt that he was just making things clear, when in fact many of us thought what was added was not a part of the original license at all.

    Please note that the "no-redistribution" clause is an entirely separate issue, and only applies to his testing branch. This would be the same as FreeBSD disallowing the reproduction of the -CURRENT software, and then changing the terms and conditions once -CURRENT was ready for release.

    In any case, it should be noted that IPFilter is an excellent piece of software, and Darren should be thanked.

  • Re:How long before... (Score:1)

    by Anonymous Coward
    I don't see why you are switching to FreeBSD.

    You are fully aware that OBSD removed IPF from the base installation. That does NOT prevent a person from putting it in ports.

    OBSD runs plenty of software, regardless of license. For the purposes of the OBSD *project*, IPF no longer fits. But you can run GPL code on OBSD just as you can run IPF on OBSD.

    Even failing a maintainer for IPF in the OBSD ports collection, that still doesn't keep you from downloading it from Darren's IPF web site and compiling it on your own. Darren has indicated that he will attempt to keep it running on OBSD, as long as feedback and patches are submitted to him (ironic, isn't it--accepting patches but not allowing copies of modified code).

    btw, I agree with Theo's decision. I do not like how both Theo and Darren handled this. And while Darren has the right what to do with his software, he should also acknowledge that Theo damn well has the right to PISS Darren off if he wants (that is, after all, legal) and to do what he wants to do with his own projects (OBSD and OpenSSH, the two I know of).

  • There are times where diplomacy works. And there are times where diplomacy gets in the way.

    Theo is political simply by nature that everything else is seen as political. He just tries to cut through the bullshit. Which he then gets a lot of crap for, but given the work that results, I back him. I might not like him, but I don't really care myself of what opinion I hold of him.

    imo, this controversy has worked out as it should have. Theo pissed off Darren, Darren showed his true colors (see his responses on deadly.org), and Darren refused to change the license, even trying to work behind the scenes with the other BSDs like was working some secret or special deal with them.

    The end result is that Darren has not changed his license. Instead of pussy-footing around the issue, we have that cleared up absolutely in about 1 week since the issue came up on the ipfilter list. This works to OBSD's and Theo's advantage--people now know, through this publicity, why IPF was removed from the base installation and where OBSD is going. Meanwhile, people really are still somewhat confused with IPF's license.

    I should note, that if you take copyright law to heart, the BSD license does not grant the right to copy, only distribute. Maybe the U of California at Berkeley Board of Trustees need to make a modification to their license again, including the right to reproduction (legal term for copying you sickos).

  • Re:Now. Is it me or.. (Score:1)

    by Anonymous Coward
    The funny thing is that to gain the true perspective on this you must realize this simple truth: *BSD is dying.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI too is out of business, and its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among a few hobbyist dabblers. In reality, *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

  • Re:Good. (Score:2)

    by Anonymous Coward
    Those aren't good points. He's stating (and you agree) that he has the right to control the software. That's restrictive.

    That also indicates IPF is not under a true BSD-style license. Since it does not seem to be, no matter what you think of Theo, Theo was correct in stating IPF no longer fits in a BSD OS base install.

    I hope you realize that this issue is not a new issue, even to those in the GPL camp. There has been talk for years about some killer app that is closed source but uses Linux as the base OS. Because of it's popularity, compabilitiy and kernal changes must conform to the direction of that popular app.

    Well, we can now say that this is not just a weakness to the GPL, but to any OS, even the free sort. Not because of popularity alone, but because of popularity and confusion/ambiguity of the license. IPF was just such a case, and this entire controversy is strong anecdotal evidence that the hypothetical situation of the GPL's weakness could occur, with the correction that it is not a GPL-specific weakness.

  • bsd license+darren's license dont go together (Score:4)

    by Anonymous Coward on Sunday June 03, 2001 @01:19PM (#179752)
    ok, darren has said that his license has been misinterpreted, that theo has been bad mounthing him and making bad press, the way i see it, theo is right, maybe not about the whole bad press crap, but hey, darren says the end user can modify his code and use it that way, but i was always under the impression that that simply wasnt enough for the bsd license...if i want to modify it and sell it closed source, as long as i give due credit, i should be able to...THAT is the bsd license, that is NOT what darren's license says...maybe i am on crack, i dont think so though, i do think dareen has a little bit of a fantasy going on now. he stepped on a lot of toes and for as non-chalant as he tried to be, he realizes he messed up and now is tried to backtrack in his opinions, if not on the license itself.

  • Read other comments on mailing list (Score:4)

    by Anonymous Coward on Sunday June 03, 2001 @01:23PM (#179753)
    The link leads to a post on a mailing list archive. Take the time to read through some of the other comments posted there.

  • Darren who? (Score:5)

    by Anonymous Coward on Sunday June 03, 2001 @01:57PM (#179754)
    Now I can rest easy, knowing my bsd has been audited not only for security but also for questionable licenses.
    from: http://www.bsdtoday.com/2001/June/Features496.html

    "After a lengthy (and "fun") discussion with Theo de Raadt, Wietse Venema updated his license. It is now:

    * Redistribution and use in source and binary forms, with or without
    * modification, are permitted provided that this entire copyright notice
    * is duplicated in all such copies.

    (ftp://ftp.porcupine.org/pub/security/tcp_wrappe rs _license)

    As you can see, it added the "with or without modification" clause. tcp_wrappers now matches the goals of free open source."

    Is that really too much to ask for? But now it's back to my OBSD2.9 install (complete with IPF).

    AMF
  • If you go by Darrin's original clarification, IPFilter never had the right to fork in the license.

    ----
  • You most certainly do have an implicit right to use software. I don't even think he can even restrict people from modifying software unless there is a more tangible contract than a text file distributed with the software.

    What you do not have is an implicit right to distribute software (modified or unmodified). In order to copy or distribute copyrighted software you need license or fair use (or the equivalent concepts outside of the US, where OpenBSD is from). If Darrin says you can only distribute unmodified versions of IPFilter, OpenBSD has no choice but to respect his license and dump IPFilter from the OpenBSD distribution.


    ----

  • Re:The new license *is* different (Score:3)

    by ninjaz ( 1202 ) on Monday June 04, 2001 @04:10AM (#179757)
    1. He did not in the past correct people who were under the impression that it was BSD-licensed. Now, copyright law doesn't require this - but common courtesy does. See e.g. this thread:

    Or how about his message on the FreeBSD security list, where he describes it as public domain [neohapsis.com]

    ipfilter is generally considered to be the "leading"
    public domain packet filtering package and I try to ensure it stays that way :-)

  • The IPF license is not BSD.

    It's good for anyone that is ipf END USER, but as long as it's not BSD-stylee, people modifining ipf (like a lot of companies and others) can't reuse and redistribute these remodified versions of ipf.

    I.e. end users of OpenBSD might use modified ipf, but they won't be able to modifiy and redistribute these versions. Not good.

    Please; BSD or GPL!
  • Of the four main reasons to do software (money, prestige, scratch to itch and fun) I see that Reed is not having the first two. Does he enjoy it so much? Does he need IPFiler so much? Why does he develop it?
    __
  • The OpenBSD team are on the verge of putting together an OpenIPF project, the domain has already been registered by Todd Fries. I sincerely hope that they succeed, and can produce something as flexible as IPFilter with a decent licence and consistant, intelligent, project management. It's a crying shame IPFilter will die a death because of this, it's a waste of code and a waste of good work, but in the current way its managed, it has to go.

    Hang on. As I understand it, OpenBSD team would simply be able to fork the latest IPFilter code before the licence change (*), and continue from there.

    (*) Despite what Reed claims, I don't see how this is a "clarification" of the license. It is, plain and simple, a retroactive change of the license. The original license clearly stated that you are allowed to use IPFilter in binary and in source, as long as you retain this notice and give credit to the author. I don't see how you can read the above as "you are not allowed to distribute modified versions".

    Anyway, according to the old license, they can just take the latest free code and start the OpenIPF project with that.
    ___

  • Is it really so bad when there are just a few enthusiasts out there that develop an operating system and focus on building a good, stable, reliable OS, completely ignoring market share?

    Look at Mircosoft products, and see what focusing on market share creates. I also see it in my daily work: "Oh, hell, that thing probably doesn't work correctly" - "Ignore it, the customer wants it now, perhaps it works fine, and if not, we have to fix it anyway"

  • lame defence... (Score:5)

    by kevin lyda ( 4803 ) on Sunday June 03, 2001 @01:49PM (#179762) Homepage
    sorry, the "theo's being mean to me" defence is old, boring and lame. the license as i read it isn't very acceptable to a project that does security audits and, if worse comes to worse, aims to fix security holes in short order.

    i don't run any servers that need openbsd's level of security, but if i did it would make me happy that a hardass like theo was running it.
  • Nope, it's not Open Source. From the Open Source Definition (http://www.opensource.org/docs/definition.html):


    3. Derived Works

    The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

    Rationale: The mere ability to read source isn't enough to support independent peer review and rapid evolutionary selection. For rapid evolution to happen, people need to be able to experiment with and redistribute modifications.


    So it is NOT Open Source.

    Darren has the right to license his code however he wants. We have the right to decide if we accept the license.
  • The only rights you have to use software is the rights given to you by the person holding the copyright on the software. This is usually in exchange for money. If you find some software just lying around then you have no rights to use, modify or distribute that software. Why do you think commercial licences say something along the lines of "permission given to use this software provided blah blah".

    If what you say was true then you wouldn't have to worry about hiding warez on your machine because it wouldn't be illegal. So long as you didn't give it to anybody else you'd be in the clear. Also you could modify any software you could lay your hands on.
  • You are wrong. You have no implicit rights to use software, only rights given to you by the copyright holder. Nowhere in Reed's licence did it ever say "modify" so you have no right to modify the code. What he stated was implicit in his licence. Copyright isn't like trademarks. If you don't inforce it you don't lose it.

    Reed is perfectly within his rights to prevent people from modifying his code and De Raadt is perfectly within his rights to tell him to place it where the sun doesn't shine and write his own. Once that happens how long do you think it will be before Free/NetBSD's are using OpenIPF which has a truely open licence?
  • "Use in binary form" means no modification of the binary even though it is possible. Why should "Use in source form" mean any different? You can use the source to as it is intended (to make the binary) but not modify it. No explicit permission is given to modify anything which is necessary. It'll likely come down to what the judge's teenage kid thinks of it because there's a good change they'll have nfi.

    Darren had made his feelings clear (until the second "clarification" which seemed to say "you _can_ modify it so long as you don't have anything to do with Theo because he hurt my feelings") that he didn't want people to modify it. Arguing legal technicalities that are contrary to the authors wishes is very bad. If a close source company does it then they get flamed big time. This is no different.

    Theo's done the right thing (a little lacking on diplomacy though). He drew attention to something that was a problem. When Darren clarified his position Theo pulled IPF from OpenBSD and has started moves to fix the problem. Darren now has to make a choice, change the licence or get sidelined. His latest "clarification" is nothing more than an attempt to get the Free/NetBSD people on his side so they don't also pull IPF from their distros and support OpenIPF.
  • He didn't have to. Without explicit permission from the copyright holder you have no rights at all to their software. He gave permission to use and redistribute but there was no mention of modification which means we have no right to modify it. Everyone assumed he gave permission and he didn't correct them. Unlike trade marks you don't have to defend copyright. He didn't change the licence (we didn't have the right to modify the code ever), he clarified it.

    Is what he did particularily ethical? Not really.
    Is what he did within his legal rights? Most probably.

    The only real issue is who else contributed and did they transfer the copyright of their work to him. Those people could make Darren's life difficult.
  • I would appreciate it greatly if someone could post information about the various projects of open-source firewall-type software available today. Thanks.
  • But the BSDs ship plenty of non-BSD-licensed software. Like ... oh, I don't know, the compiler.

    --
  • In the "clarification" of the original license (which many took for re-interpretation), Darren claimed "this means no modification".

    Now in this message, he claims "The licence is intended to mean that people can use (which includes modify or patch or tune, as seen fit)".

    If you *can* modify it, what was the whole point of the "clarification"?
  • AFAIK, the recent release of IPFW does allow for stateful inspection. Looks like it's still under development and making improvements.

    -=lx=-
  • The cannonical FreeBSD packet filter is ipfw (AKA ipfirewall), not ipfilter. Having said that, it is BSD licensed, at least the fork of it that lives in FreeBSD. Don't believe me? Read the license:

    /*
    * Copyright (c) 1993 Daniel Boulet
    * Copyright (c) 1994 Ugen J.S.Antsilevich
    * Copyright (c) 1996 Alex Nash
    * Copyright (c) 2000 Luigi Rizzo
    *
    * Redistribution and use in source forms, with and without modification,
    * are permitted provided that this entire comment appears intact.
    *
    * Redistribution in binary form may occur without any restrictions.
    * Obviously, it would be nice if you gave credit where credit is due
    * but requiring it would be too onerous.
    *
    * This software is provided ``AS IS'' without any warranties of any kind.
    *
    * $FreeBSD: src/sys/netinet/ip_fw.c,v 1.131.2.23 2001/03/28 05:19:00 simokawa Exp $
    */

  • Re:Other firewall software? (Score:5)

    by warlock ( 14079 ) on Sunday June 03, 2001 @04:16PM (#179773) Homepage
    I have no clue what the AC you responded to was talking about (perhaps he can clarify?) but I don't think that ipfilter is by far the best packet filter. If you rule out the fact that it is cross platform, which you obviously did since you compared it to iptables, I would suggest FreeBSD's ipfw/ipfirewall as a better alternative. In conjuction with dummynet, divert sockets and natd, it does everything you could possibly want from a packet filter and then some. Fancy adding some extra delay, add packet loss or throttle flows perhaps, individual ones or a number of them, or per protocol or whatever else? want traffic shaping to go with that? per subnet, ip, uid or gid perhaps? no problem, you can do that with ipfw, and with nice, sane syntax.

    I also find natd vastly superior to any other nat implementation I used to date. Some people don't like the idea of nat being done in userland, but I never observed any performance problems.
  • IPFilter is by far, the best "open source" firewall available for UN*X, by a long shot.

    It allows for correct NAT, unlike IP Tables, a great stateful inspection table, and relativly simple rules...

    I did quite a bit of looking for a UN*X based firewall solution, (Open Source), and IPF was the only one worth using. Face it, IP Tables is really left in the dust.
  • I want to grow up to be strong and smart like Theo.

    ...no really, Theo is a great role model.

    Do what you like to do, don't take crap.
    simple.
  • Quote from Darren Reedin reply to [false.net] Bill Corrigan's reply [false.net] to the original message:

    If OpenBSD had a more reasonable leadership as do FreeBSD/NetBSD, then maybe this would never have happened. This is not a vendetta thing, it is just how I'm dealing with Theo being obnoxious.

    Hmmm... not a vendetta.. right...
  • >Actually, it is "open source." It is not, however, "free."

    Wrong! According to the Open Source Initiative's definition "The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software."
    (http://www.opensource.org/docs/definition.html) .

  • Re:Good. (Score:3)

    by DeathBunny ( 24311 ) on Sunday June 03, 2001 @01:42PM (#179778)
    >Darren Reed raises some good points on his >behalf. If one wants to create a piece of >software, and then give it to the open source >community, nobody should go to tell him that he >should release it under some particular license.

    If the software in question is released under a closed license that nothing has really been given to the open source community.

    When a license says that distributing modified version is not allowed, THAT is indeed a closed source license.

    >All Reed wants to do is to make sure that he >holds the strings in IPFilter development.

    Isn't that all that Microsoft wants to do? Hold the strings in Windows and Office development? :-)

    I'm hoping that with Darren's most recent clairification that this whole issue is over.

  • Re:How long before... (Score:5)

    by DeathBunny ( 24311 ) on Sunday June 03, 2001 @01:36PM (#179779)
    >I also think that Darren Reed has a right to >license HIS code anyway that he damn well pleases.

    Agreed. However, Theo also has a right to license HIS project however he damn well pleases and to set standards for inclusion into his project. Darren Reed's last "clarification" said that distributing modified version of IPF was not allowd. That's very much contrary to the stated goals of the OpenBSD project. Theo would have been a hypocrite *not* to pull IPF from OpenBSD.

  • pseudonym (Score:3)

    by gmhowell ( 26755 ) <gmhowell@gmail.com> on Sunday June 03, 2001 @01:49PM (#179780) Homepage Journal
    I am sure that Joe Wanker [wanker.com] is a real person. But given his behaviour in the whole thing, couldn't this be a pseudonym for Darren Reed [mailto]? I mean seriously, Darren, you release your stuff under your license. Don't get huffy if Theo (who can quite frequently be an ass) doesn't like it, tough shit. Just like ipf is your baby, open is his. Deal with it.

    And don't pretend that you just figured out that Theo can be an ass. Next thing you'll say that RMS is a bit rigid.

  • If one wants to create a piece of software, and then give it to the open source community, nobody should go to tell him that he should release it under some particular license.

    This is a bit if a a simplification of the real issue, unfortunately. The real issue is the perception that he changed the license. I'm not a lawyer, but it certainly seems like the new wording adds new restrictions contrary to his insistence that it is only intended as a clarification.

    I agree that nobody should try to tell a developer what is the "correct" license. But by choosing to use his own license & not have it checked by a lawyer to make sure no later "clarification" was needed, Reed invited the hassles he's facing now.
  • Just to clarify, I'm not saying that his "clarification" was wrong, or legally invalid. Just that it probably did more harm then good.

    I'm pretty much license agnostic. If you develop a program, license it as you see fit. However, it's important to realize that "natural selection" will occur based on your license choice, so choose carefully. A perfect example of this was cited in a previous discussion-- qmail. A strong case could be made that qmail is the premier MTD around today, yet it's nowhere near as popular as Sendmail. Obviously some of that is simply due to legacy issues. But a larger problem is quite probably the more restrictive license that DJB uses. His restrictions are in place for good reasons, but they do affect it's popularity. Is the trade off worthwhile? I don't know, but I presume that DJB (& Darren Reed) would say so.
  • He never stated it was open source, his license doesnt state anything that would maek you think it was. He just says you can use and distirbute it as long as you give credit. Modification is never granted.
  • Sure he can choose whatever licencing terms he chooses, but I don't think he can *retroactively* change the terms of a licence unless that was a right he originally claimed. If he want's to insist that his existing licence restricts modification and redistribution, that that be something he'd have to fight in court if needed - the licence itself already exists, and IANAL but I doubt a court would agree with the way he now wants it interpreted.
  • That the license was not actually changed. Rights of distribution of modified and derivative packages are exclusive rights. If these rights are not explicitly granted or transferred by the copyright owner, they remain exclusively in the hands of the copyright owner. Darren did not grant or transfer these rights. The license text change does not constitute a change in what is allowed under the license.
  • Now Darren says the original IPFilter license does allow modification and that he won't change it because that would imply there's something wrong with it.

    I have to say that if people are having problems understanding exactly what rights the license gives them, then there IS something wrong with it.

  • So does that mean he now owns all the work that other developers did to the source over the last 8 years? I think not.

    --

  • I suppose that's also why . . . (Score:3)

    by werdna ( 39029 ) on Sunday June 03, 2001 @06:11PM (#179788) Journal
    Apple is using IPFW in Darwin.
  • Yep, the fucker even calls it "Open Source" at one point:

    http://msgs.SecurePoint.com/cgi-bin/get/ipfilter -0 007/110/1.html
  • Here's why Reed's new license wording is in fact a change in meaning:

    1. He did not in the past correct people who were under the impression
    that it was BSD-licensed. Now, copyright law doesn't require this - but
    common courtesy does.
    See e.g. this thread:

    http://false.net/ipfilter/1999_12/0055.html

    And of course, Open, Free, and Net BSDs distributing modified versions
    w/o any problems.

    Now, the original license seemed to allow modification - I base this on
    two things, which I have marked with _s :

    "Redistribution and use in source _and binary_ forms are permitted
    provided that _this notice is preserved_ and due credit is given
    to the original author and the contributors."

    1. Allowing redistribution in binary form is already allowing derivative
    works - the original is distributed only in source form.

    2. Removal of the notice would constitute modification - the existence
    of this phrase implies that other modifications are allowed.

    So, it can definately be argued that Reed's new license is a change in
    meaning.

    (I tried to post this to my local LUG mailing list, but their server is on crack).

  • All together now, "IPF is not free software." Full stop, end of story. OpenBSD can't use it, given the project's goals.

    I can understand the key players in all this having strong reactions to what's been happening, but I wish all of us spectators would calm down a bit. (This isn't directed specifically at the poster I'm following up to, btw.)

    Yes, this issue will affect me (as a sysadmin), and yes, I have opinions as to who made what mistake when, but I don't have a lot of patience anymore for all the people proclaiming undying support for one side or the other and flaming everyone else within reach of Slashdot or IPF's and OpenBSD's mailing lists.

    Both Darren and Theo have done a lot of good work, and I believe few of the critics really have the right to criticize. I mean, is it helping?

  • thanks for the defense. Morons like the AC before you misinform the people with mod points. Are they to be blamed for ignorant voting? No, I'd say that it is more likely the system should be blamed.
  • OpenIPF should fork IPF and they should leave the legal questions to the lawyers. No, I'm not saying they should ignore the license, and I'm not saying they should bet that Darren wont sue (although I'm willing to offer odds that he will if anyone wants to bet on it), I'm suggesting that they get a legal clarification, from a judge.
  • Excuse me, stop your flame for a moment, I clearly explained what my lawyers said. "use in both source and binary forms" can be argued to mean that derivative works are permited. Your opinion really doesn't matter, it is the lawyers opinions that matter and my lawyers have told me that Darren would lose if he tried to sue anyone who has made a derivative work of his code within the last eight years. This also means that if Darren does not change his license you are still permitted to make derivative works. Please note that I am not a lawyer and this is not legal advice, if you are considering forking Darren's code I suggest you contact an lawyer. I except he will tell you the same thing as my lawyers have told you, but really it is a mute point because Darren is not going to sue you.
  • The issue is that Darren did not make it clear what his intentions were, nor has he done so for the last eight years.
  • again. I will take your opinion with a grain of salt considering that the lawyers I have consulted seem to disagree with you. The common "use" of source is to make derivative works. Without explicitly prohibiting this from the common use he has explicitly stated that it is permited.
  • Darren's license will not stand up in court. For the last 8 years Darren has been very happy to watch people make changes to his code. Now he wants to retain control. Sorry, it doesn't work that way Darren. You should have told us eight years ago and we would have started our own project. The inability to make modified works makes your code useless, totally. Now, on the matter of a fork. You cannot stop it. Your removal of the words "with or without modification" from the BSD license is not enough. The words "use in source and binary forms is permitted" does not exclude making derivative works. I'm not just talking out my ass here, I have spoken with a number of copyright lawyers who are active in the Open Source community. If you sue, you will lose and you will waste a lot of money doing so. I believe you are aware of this (as you've indicated in other posts) and this is why you have specifically changed the license. Good for you, I wish you had done it eight years ago. Is this a moral thing to do? Well obviously that depends on how you feel about copyright in general. Stallman would disagree, but hey, that's Stallman. So you've bait and switched us all? You claim that you've done all the work and gotten nothing in return. I know how that feels, and I dont begrudge you for changing your license to retain a little more control, but dont try to be an indian giver. You may think you are doing nothing you're not entitled to do, after all, you wrote the code right? Well as I said, if you had made it clear that this was the case eight years ago we could have written some code too. Maybe yours would be better, maybe ours would be better, that's not the issue, the issue is that our code would have come without strings attached. Strings that say that we cant even fix bugs without your permission. Yes, by your interpretation, we can fix em on our private machine, sure, but we cant distribute those changes (actually, I'll inform you that patches are covered under fair use, but that's a poor substitute). Oh I hear you when you say that you'll accept any changes and distribute it for us. I hear you but I also hear the voice of time. Sooner or later you're going to blink out of existance Darren. And who do you think will own your copyright? Your wife, your son, your parents, that's *if* you have a will. Are they going to keep developing your code? Are they going to rerelease your code under a more liberal license? Or are they going to auction it off to the highest bidder who will then have the sole rights to make derivative works for the next 50 years? The fact is, if you close the source we are all left with an unchangable block of code that we cant make changes to. Remember here, I'm talking about your new license, with the specific conditions you have placed on derivative works (which at least was clear about the matter). Come on man, think about the big picture. If you are going to screw with the license, just close it now.

    Which is one of the good reasons I should give up ranting :)
  • Umm, yes it does support passive ftp, read the docs about ipnat proxying

  • Confusin! (Score:4)

    by iamsure ( 66666 ) on Sunday June 03, 2001 @02:49PM (#179799) Homepage
    Okay,

    In the ORIGINAL license he gave permission..
    "Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors"

    Then he CHANGED/ADDED/CLARIFIED with..
    "Yes, this means that derivitive or modified works are not permitted without the author's prior consent."

    So, he didnt want the original changed, or forked.

    But now he is saying..
    "The licence is intended to mean that people can use (which includes modify or patch or tune, as seen fit) IPFilter as found within FreeBSD/NetBSD for whatever purpose they desire"

    SO, in order, you can do what you want, as long as you credit. But no modifications. The license is intended to include modifications.

    WHAT?!?!

    WHICH IS IT??

    Are modifications allowed or not? Yes or no? Its really that simple.

    He is in that very hard place where he can either include ALL of bsd, or NONE. Yes, he and Theo are having a spat. Fine, I respect both of their feelings.

    And if he wants to have a closed source license, so be it. But just be *CLEAR*. Choose a license. Just one, and STICK to it.

    This last statement didnt clarify any more than the last statement did. It has completely confused things.

    However, he has now SPECIFICALLY given permission to modify the version in freebsd's cvs.

    I would grab that code, fork it, and turn it into OpenIPF.

    This all comes down to wanting to help FreeBSD and NetBSD but not Open, because of how they do things. Well guess what? Thats not how BSD works. You either give FREELY, or you can use the GPL and go to the linux side of the fence.

    Quit "clarifying" and CHOOSE an existing license so we know EXACTLY what to do with your code.

  • The licence is intended to mean that people can use (which includes modify or patch or tune, as seen fit) IPFilter as found within FreeBSD/NetBSD for whatever purpose they desire - so long as the conditions (due credit and the notice) are met.

    Cool. So can someone modify IPFilter as found within FreeBSD/NetBSD for the purpose of running well on OpenBSD or not?
  • >All the firewalling stuff is GPL... no licensing
    >bullshit
    What ?
    What do you think the 'L' stands for in 'GPL'?
    The GPL is a licence that is far more restrictive than any BSD licence. Its just restrictive in a different way.

    Hate to say this, but despite thinking that Mr Reed has a fine piece of code here I'm with Theo.
    Reed's re-interpretation of his original licence (and after reading many posts, thats what I believe it to be) goes against the spirit of BSD.
    Theo deraadt summed it up by saying that it should be "free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia"

    Regards,
    Veg

    P.S.
    I'm not knocking the GPL - Stallman is the man - its just that I dont have his strength of character...sorry.

  • Reed: backpedal / rationalize / rant (Score:3)

    by peterw ( 88369 ) on Sunday June 03, 2001 @08:12PM (#179802)
    The longer this goes on
    1. the less clear ipfilter's license is
    2. the more clear it is that Darren is rationalizing any interpretation that amounts to "(Free|Net)BSD good, OpenBSD bad"
    Is Theo a jerk? I don't know, and I don't care. Local BSD/ipfilter advocates like to joke about the Linux kernel-of-the-month club, in reference to how rapidly and radically the Linux kernel changes. Hell, ipfilter is now in its own license-interpretation-of-the-week club.

    Here's wishing the best to folks woking on OpenIPF. The BSD folks deserve a good, Free packet filtering package.

  • going to be commercial in the near future

    Any proof of this?
  • First of all there is no such thing as bad press in my opinion. Second of all I think the intention is to allow modification of the source as long as credit etc is given. As for the license itself, it seems to me a lot of developers/companies want to have a licence with their own moniker stamped on it.
    I'll spare typing the list..you can find the list of licences at Licence list [fsf.org]

    Why not simply release it under an already existing license?
    Just don't release it under the Drivers License....the wait in line will discourage its release.

  • Screw people? WTF! Are you high? When was the last time you modified ANY open source code you lame name dropping fool. As a matter of fact,
    the only people that have any right to bitch are those who have contributed to the project.
    The rest of you need to spend time staring at something other and CRT.

    Oh yes, I mean you.
  • Thats the problem with religious wars, and religion in general isn't it ? ...

    Opinions other then yours are wrong ...

  • The primary driving right in open source is the ability to take the source code and fork it. This is a last resort technique, but anyone claiming to have an open source license *must* give the right to fork. Darren evidently does not believe in the right to fork: "I've said elsewhere, IPFilter will go where I wish it to, under my navigation.". s/IPFilter/MS Windows/

    Also, I'm not sure, but the word "use" is very vague and most likely (almost definately) gives the user the right to use it to learn and construct derivative works. But then again, I'm not a lawyer here. If Darren was handing out the binary... use may mean somethign entirely different. But he was handing out the source code. And making modifications is a resonable "use" by almost anyone's book.

  • If Darren wishes to limit his license it in the way he seems to be trying, then his license is *not* open source. Go read the OSD definition. Furthermore, since he has allowed his software to be categorized as open source... and even embedded into an open source operating system without balking, then promisory estopple comes into play... I don't think he can legally change his tune.
  • The openIFP people should start with Darrin's source code. This is the right to fork. I bet they would win and Darrin would loose as Darrin has past his license off as open source and BSD compatible for quite some time and under the doctrine of promissory estoppel, people should resonably conclude that his past license is open source compatible. (IANAL)
  • People could make a fork and call it something else, like OpenIPF and this would not at all be confused with IPFilter. The names are significantly different not to incite confusion.

  • promissory estoppel and open source (Score:5)

    by ClarkEvans ( 102211 ) on Sunday June 03, 2001 @05:33PM (#179812) Homepage

    Since Darren Reed's previous license is vague, one must look to the circumstances surrounding his use of the license. First, he has allowed his software to be included in and treated as open source software. Second, he may have even claimed his software was open source or lead people to believe this fact. Third, people have dependended upon this fact and may have invested significant, and unquantifiable time and energy into his product via bug fixes, suggestions, etc. Fourth, these people probably did this under the understanding that his software was indeed open source. Under these conditions and through the doctrine of promissory estoppel, Darren may not have the right to provide an alternative interpretation of his license which would not comply with the open source definition (which explicitly includes the right to make deriviative work without asking the creator). Lastly, people should stop calling his software "open source" unless he explicitly grants this right to make derivitive works, and Darren should start correcting people when his software is refered as open source... beacuse his new interpretation of his license clearly isn't open source. Disclaimer: I am not a lawyer.

    promissory estoppel [law.com] n. a false statement treated as a promise by a court when the listener had relied on what was told to him/her to his/her disadvantage. In order to see that justice is done a judge will preclude the maker of the statement from denying it. Thus, the legal inability of the person who made the false statement to deny it makes it an enforceable promise called "promissory estoppel," or an "equitable estoppel." Example: Bernie Blowhard tells Arthur Artist that Blowhard has a contract to make a movie and wants Artist to paint the background scenery in return for a percentage of the profits. Artist paints, and Blowhard then admits he needed the scenery to try to get a movie deal which fell through and there are no profits to share. Artist sues and the judge finds that Blowhard cannot deny a contract with Artist and gives Artist judgment for the value of his work.

  • A *BSD is dying post?
  • I agree, it's alive. In fact I'm a user and am bringing more of my friends into the OpenBSD camp. (Away from Win2K and Linux).
    Wearing the shirts around the office tends to attact a bit of attention. Especially the "So long and thanks for the passwords" one.
  • it does everything you could possibly want from a packet filter and then some.
    [...many nice things deleted...]

    Also don't forget policy routing based on filters.

    f.

  • Does Theo create a new project ANYTIME someone doesn't get along with him ?

    He was part of NetBSD, what does he do ? He forks it and makes OpenBSD.

    He doesn't like the SSH restrictions, so he starts a new project OpenSSH (Not that this is bad but he makes it OpenBSD centric so someone ELSE has to create patches for FreeBSD, Linux, etc.) .. Someone else has the domain OpenSSH.org, so what does he do ? He sicks slashdot on them.

    Now someone has software and won't suck up to him, he kicks their code out of OpenBSD and then someone registers openipf.org (for OpenBSD if you check the WhoIs)... Doesn't this seem a bit childish like the "I'm gonna take my marbles and play elsewhere" mentality ?

  • that shirt rocks! i wear mine all the time (bought a second b/c i fear the first getting lost/torn/stained) and get plenty of "oh how cute" comments, but every now and then someone looks at it with a little quizzical smile and then i get to explain...

    i wonder what the openipf shirts will look like... "so long, and thanks for all the restrictive licenses"?
    I hope they keep it as simple as the blowfish shirt; i don't like my shirts to be too loud/obnoxious.

    -f

  • Okay, time to move on slashdot. Your not helping anything here, and this posting doesn't "clarify" or anything else to anyone who's actually following the conversation. Your just adding to the noise.
    So please, the horse is beaten, you can stop now and move on to something more productive. It's Theo and Darren's pissing match now, and we should all step back and leave it alone.

  • No, the original did not. That license is based on copyright law, and under that law, any right not explicitly granted by the author (such as modifications/distribution of said modifications) is reserved to the author.

    No, not any right not explicitly granted by the author is reserved. For instance, the right to use the software is not reserved. Only the following is reserved:

    • copying
    • preparation of derivitive works
    • distribution of copies or phonorecords
    • public display/performance (does not apply to software)

    Notably, modification is not one of the reserved rights, only preparation of derivitive works. It is arguable whether or not modification for personal use is considered preparation of a derivitive work. Indeed, there is likely no precedent, since if you don't distribute you're probably not going to get caught.

  • What is Darren is protecting against? (Score:3)

    by driehuis ( 138692 ) on Sunday June 03, 2001 @05:35PM (#179820)
    It is entirely unclear what Darren is trying to protect against.

    I'll buy his stated goal of not wanting to deal with patches that do no apply cleanly (and anyone who has dealt with multiple OS kernel code can attest to the royal pain that re-indenting and like changes are). However, wishing to codify this is guaranteed to rub people the wrong way (and of course, rubbing Theo the wrong way is a surefire way of starting a war).

    The whole thing smacks of all parties doing "what-if"s, and Darren falling prey to Fear, Uncertainty and Doubt. Not good.

  • Here is a link to Daemon News [bsdtoday.com] with a little more clarification from Darren Reed on his view of things. It tends to back up some of the opinions of the AC's previous post.

    Now, as a complete aside to the above post:

    Sigh...I am getting tired of this "who is less of a dick" debate. Folks, have a look at the email traffic on the public boards. Darren Reed was the one who originally brought the whole discussion public. No, I am not going to bother with a link, since it is in the previous /. story. What I am going to suggest that most of the people here have a look at the email traffic on both the IPF and OpenBSD boards going back for over a year. It might clarify some things for you.

    Distributing IPF as part of a ports tree doesn't break any licensing requirements for any of the BSD's, is my understanding. As for the discussions about whether Free/Net BSD's will use this, it is not the same issue as it is with Open BSD, since Open was distributing IPF as part of its INTEGRATED base install. Theo and crew didn't have much of a choice on pulling it out, based on their own licensing requirements.

    mrgoat

  • BSD is very much alive and well. Re: ipfilter licensing, the only regrettable part is that Theo ripped IPF out without having a viable replacement for OpenBSD. I also think that Darren Reed has a right to license HIS code anyway that he damn well pleases. I expect a lot of those folks to. like myself, to switch to FreeBSD for my firewalling needs. What sucks is that used to be able to build a FW/VPN gateway in about 30 minutes with OpenBSD. sigh.
  • I agree completely. Darren is being an idiot here. OpenIPF will become more popular then IPF, just like SSH. OpenSSH is a more solid, less restrictive program then SSH. More people use OpenSSH now then any other SSH program. Just as i'm sure OpenIPF will be in turn. soon enough all anyone will remember about the original "ipf guy" will be that he turned into a jerk and openipf came about. regardless of the actual circumstances. gg darren.

  • When a license says that distributing modified version is not allowed, THAT is indeed a closed source license.

    Actually, it is "open source." It is not, however, "free."

  • includes modify or patch or tune, as seen fit

    This is fine, GPL allows this - what the issue appears to be is if someone can then DISTRIBUTE this modified version (allowing forking & an 'escape door' if he decides to completely abandon Free Software).

    His email doesnt make the issue any more clear - or am I missing something?

  • Re:Good. (Score:5)

    by RedWizzard ( 192002 ) on Sunday June 03, 2001 @04:02PM (#179826)
    Darren Reed raises some good points on his behalf. If one wants to create a piece of software, and then give it to the open source community, nobody should go to tell him that he should release it under some particular license.
    The problem is that it's not clear that the license does give IPFilter to the open source community. From what I've been able to find out the course of events goes something like this:
    1. IPFilter is released and everyone (including Darren) believe it is an BSD type OSS license.
    2. A development version is released with a license that prohibits distribution of modified versions.
    3. Darren and Theo get into some sort of flame-fest over IPFilter (I don't know nor want to know the details of this).
    4. Darren gets the original IPFilter checked by a lawyer and then claims that the original license doesn't allow modification. He also pretty much refuses to publicly discuss it (saying "get a lawyer's opinion"), and comes off as an asshole.
    5. Theo yanked IPFilter out of OpenBSD. That was pretty much all he could do, but he was his usual abrassive self about it.
    6. Now Darren says the original IPFilter license does allow modification and that he won't change it because that would imply there's something wrong with it.
    The problem is that the license is too vague. It doesn't mention modification anywhere. It does grant you the right to "use" the source code. Does "use" only mean study and compile or does it also include modification? This is a vital question to anyone who cares about only supporting/distributing open source software. Just seeing the source isn't enough (although MS would have you believe otherwise). What it boils down to is that whole reason this has become such an issue is that Darren got (rightly) annoyed that he was being made out to be the bad guy and got flammed heavily and then (wrongly) refused to clarify (until now) or change the license.
  • Bitch all you want about Theo forking off of things. The fact is, in both of the things you name (SSH and BSD), his fork is superior in terms of what he wanted (security and license terms).

    The guy isn't a diplomat, but his work is rock solid. I hardly think your claim about OpenSSH being OpenBSD centric is valid. People from OpenBSD do most of the work on it. I doubt it takes too long to make patches for ports to other BSD's. It's not like they can go to ssh.com and ask them for the source or something. OpenSSH allowed the open source people to continue using the protocol through version 2. They should be praised; not derided.

    Theo was right to kick IPF out of OpenBSD if this guy is going to screw around with his licensing terms. The OpenBSD people have been clear from the start what their licensing terms were. This IPF guy has been deliberately vague and misleading about his terms. Now that it has come to light, the result should not be surprising.
    The reality of this IPF fork is that it will be a quality project that more people will be able to use (because it will be a BSD license and not this semi-closed game playing from Mr. Reed).

  • I should note, that if you take copyright law to heart, the BSD license does not grant the right to copy, only distribute.

    The BSD license allows "redistribution in source and binary forms, with or without modification..." Just how do you plan to do that without copying?

  • Good. (Score:5)

    by Mik!tAAt ( 217976 ) on Sunday June 03, 2001 @01:18PM (#179829) Homepage
    Darren Reed raises some good points on his behalf. If one wants to create a piece of software, and then give it to the open source community, nobody should go to tell him that he should release it under some particular license. All Reed wants to do is to make sure that he holds the strings in IPFilter development. After all, it is *his* software, although available for everybody without fee. And it is under *his* jurisdiction, which license does he want to release it under, not /. community or even Theo. After all, we didn't pay for him to do IPFilter, we really aren't in the position to complain. If he wants to give it free to everyone, we should be thankful.

    (This is just my $0.02, don't get all hysterical on my heretic opinions, I'm way too tired to think straight)
  • According to www.deadly.org it is still in the current (2.9) OpenBSD release.
    J.

  • Re:bsd license+darren's license dont go together (Score:5)

    by tronbrain ( 236272 ) on Sunday June 03, 2001 @01:47PM (#179831)
    What a mess. This could probably be mostly attributed to a lack of diplomacy on DeRaadt's part, but it seems to me Reed is trying to have his cake and eat it too, and that Theo has done the right thing by removing IPFilter from OpenBSD. The "clarification" of the IPFilter license clearly makes it non-compliant with the BSD license, and therefore it has no business being part of the base distribution. End of story. Yes, Reed is free to do whatever he pleases with his software, but is he truly interested in limiting its usage in this way? What's the use of putting free, open-source software out there and putting such limitations on its usage? And given that the IPFilter license is not a BSD license, and despite Reed's insistence that he will continue to work with the Free/NetBSD crowds, doesn't his license preclude any of the BSDs from distributing IPFilter as part of the OS? If the Free/NetBSD people are serious about their license, they would have to follow DeRaadt's lead on this decision. And then IPFilter's userbase will drop to a handful of people, basically Darren Reed and his closest buddies. Is that what he wants?

    As an OpenBSD user, I am disappointed to see IP Filter go, but I understand Theo's decision behind eliminating it. On the principal of it, and despite how I would prefer to see everybody work together instead of get into pissing matches, I would have to agree with him. Theo is a controlling, inflexible person, yes, but he writes good code and sticks to the essential principals behind his OS, including the proactive nature of the code review and the open/free license for its distribution. OpenBSD is, in my experience, clean, stable, straightforward, and secure, and that's probably because of the guiding principals behind it. I'm glad to see Theo continue to stick to his guns, in that regard. Let's hope he refines his diplomatic skills in the future, and perhaps next time he can convince someone like Darren Reed to join the cause out of goodwill instead of react against it out of spite.

  • Sad... (Score:1)

    by arfy ( 236686 )
    "Clarify" in this case equals "I didn't put this stuff in my original license but maybe I should have"?

    Weasel-words by any other name. I'd think Reed would rather be remembered for his skill using words accurately in computer code instead of how poorly his home-crafted legalese was cobbled together. I don't know if the code is worth forking, but adding phrases after the fact to your license and saying that's what you really meant all along...? Lame. And it won't protect the code written before the added verbiage.

  • Comment removed (Score:4)

    by account_deleted ( 4530225 ) on Sunday June 03, 2001 @02:12PM (#179833)
    Comment removed based on user account deletion

  • Comment removed (Score:5)

    by account_deleted ( 4530225 ) on Sunday June 03, 2001 @02:27PM (#179834)
    Comment removed based on user account deletion
  • What are Open* people doing? Wasting time in reinventing the wheel, not because previous wheel don't run well, but because they don't like the "color" of the actual wheels? In those days of lack of good open-source programmers, are we really wasting so much time?

    In that I see the consequences of Microsoft's point of view on open source. Put it this way: IPF creator has been scared by the whole "open software - no money" axiom, and he tried to adjust things. Creating havoc all around.

    Old latins used to say "divide et impera", which means "split up and rule". The best way to conquer is to split up the enemies and eat them all one by one ('embrace and extend' looks similar, to me).

    just a thought.

  • I really wish people like you would just drop off the face of the earth. Quit blaming Theo's lack of diplomacy, or attititude, or whatever you trolls call it. I dont know how many times I have said this.. but the whole reason OpenBSD was because people on the NetBSD was more concerned with politics than code. If you want a sensitive, in-touch-with-your-feelings spokesperson, perhaps you can check out a candle store or body bath store.

    ---------------
  • You are not allowed to distribute modified code.
  • I haven't read such a crap recently,

    FreeBSD is advancing much faster than Linux is. Why aren't NetBSD and OpenBSD so successful? Well, NetBSD tries to be too wide and embracing, OpenBSD tries to be too narrow and focused. FreeBSD successfully follows its own path and doesn't try "kicking ass", and "be the best in whatever". It just peacefully creates wonderful stuff, without a rush, and without delay.

  • It is the use in other software, dummies (Score:3)

    by unborn ( 415272 ) on Sunday June 03, 2001 @04:45PM (#179839)
    Clearly, Darren means "Do not make a fork (OpenIPF) and distribute it, it is illegal". But patching, fixing, tuning, porting should be legal as long as you GIVE CREDIT (as *BSDs always did), and as long as you are not making your own version. *BSDs never made their own versions, they just tuned IPFilter for use in the OS. *BSD folks never distributed (a modified) IPFilter without their OS. And that is why Darren was happy about it. Now if OpenBSD try to do that, it would be a violation.

    I don't see why everyone is jumping at Darren, his licence is just to say "Hey, if IPFilter is used to enhance your product, ok, but if you are making IPFilter look like your product (e.g. distribute it separately) - don't try it".

    Darren is right, IMHO. Because if he let everyone distribute their own fork of IPF people would still blame him for stuff he hadn't done. The job of an OS is to make an OS, not separate small products. And it has been this way, and will be.

    Thank you, Darren for making that clear.
  • "ipfw: open source but not BSD licensed"

    That's weird, go look at the source files. It looks BSD licensed to me.
  • IPFilter isn't part of the operating system, at least as far as FreeBSD goes.

    I don't care for religious philosophies and would rather each his own.
  • Softupdates for a time was under a restrictive license and available in FreeBSD.

    It basically comes down to Darren wanting limited control over the IPFilter project. I haven't seen him say anything adverse to distribution, just that he'd like to be the one who controls the direction of the project.

    Almost all the code was written by him anyway with a few patches from other people, relative.

  • Re:Other firewall software? (Score:3)

    by illaqueate ( 416118 ) on Sunday June 03, 2001 @01:30PM (#179846)
    http://www.obfuscation.org/ipf/
    http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeB SD _Basics.html
    http://netfilter.samba.org/netfilter-faq.html
    http://netfilter.samba.org/unreliable-guides/
  • He never stated it was open source

    Bullshit.

    http://msgs.SecurePoint.com/cgi-bin/get/ipfilter-0 007/110/1.html [securepoint.com]

    Dinivin
  • This kind of license combines the worst of the closed and open source worlds.

    In closed source you are dependant on one source for fixes. But it might make it more difficult for crackers to find holes because they can't look through the code.

    In open source crackers can look through the code for holes. But anyone can look at the code and provide a fix.

    Under this license crackers can go through the code looking for holes. But you are still dependant on one source to provide a fix.
  • Users of free software, and more importantly, other contributors to the *BSD projects, have a right to a clear, unambiguous license of the entire distribution. Darren says he isn't going to change the license to the BSD license, he'd much rather go on explaining as he goes along what his license means. That's his right. But I think the consequence of that choice is that the software shouldn't be part of the BSD distribution because it undermines the otherwise very liberal license of the entire BSD distributions.

    As for "blame", I don't think Darren is to blame. IPF should never have made it into BSD into the project in the first place. It is the BSD project should have made sure that every piece of code that makes it into the distribution falls under a standard license. While the BSD project sometimes views the GNU folks as heavy-handed, they themselves must pay more attention to licensing issues if they want to keep the freedom inherent in the BSD distribution alive: if BSD gets invaded by more software contributions with restrictive licenses, BSD itself will cease to exist in its current form.

    Successful open source software projects are great vehicles for purposes of marketing and establishing industry standards. As such, they are constantly at risk of being invaded by contributions that come with their own licenses and commercial or personal agendas. The GPL world has its own share of issues in this areas, with companies using projects to push their products by contributing either limited functionality code or code with strings attached. Watch out.

Slashdot Top Deals

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.

Close