Slashdot Mirror
IPF License Change: Redistribution Not Allowed
An Anonymous Coward writes: "I found this at SecurityPortal, here. I use IPF and I noticed last week in the snapshot the license changed: 'Yes, this means that derivitive or modified works are not permitted without the author's prior consent.' which was kind of bad since it violated OpenSource guidelines. Now the current snapshot of IPF says 'Redistribution is not permitted' which completely violates any Open Source style license. Does this mean IPF will have to fork an older version or someone needs to write a completely new version for all the BSD's/Solaris/etc?" The old license certainly doesn't read this way to me, but IPF author Darren Reed asserts this is only a clarification of the license, not an actual change. Another ssh vs. OpenSSH? More coverage at LWN, partway down the page.
This license applies only to certain test releases releases etc, that the author posts for testing purposes doesn't want in general distribution.
Information from Darren Reed on this appears at this URL:
http://false.net/ipfilter/2001_05/0458.html
Link to above URL
The previous license says (emphasis mine):
Now the author claims that the license said that "redistribution" and "use" were allowed, but not "modifications" and he has added a statement clarifying that, claiming that it had always been that way:
But this does not make sense to me: this addition does change the meaning of the license. Allowing "use in source [...] form" should imply that I am free to use the (unmodified) source code in any project, thereby creating a "derivative work".
The debate over "modified works" is another problem. Indeed, the original license did not explicitely allow any modification to the source code, only its use. However, the license did not specify what is meant by "use in source form", especially what happens if you only take a small part of the source code and use it in some other project. Or if you use most of the original source code (without any modifications), and use it in a new project that contains only one new file that happens to be compatible with an old file in the original IPF code and provides some new features.
I do not know what a judge would think about someone who says "you can use my source code" as if it meant "look, but don't touch." Most programmers would think that "use" means "use whatever part of this code in any project, including modified versions."
-Raphaël
2. People *assumed* the license meant what they wanted it to mean.
No, they assumed, naturally, that it meant the established meaning of the wording that he copied.
I don't recall seeing the word "modify", or any form of said word, in the original license, do you?
"Established meaning" might apply to GPL, BSD, and other widely-used licenses. This was Darren's own license for IPfilter.
3. He clarifies the license (the distribution policies of HIS software).
He changed it, adding restrictions that were not stated, and that therefore did not exist originally in the license,
He didn't specifically allow or deny modification rights, meaning the final authority on the subject would be the copyright holder...which is Darren. Ambiguous, yes, but lack of mention does not automatically mean you get that particular right.
and that therefore do not apply to the distributions before those restrictions were added (this is perfectly valid as it applies to the software distributed with the new releases, of course).
Not in Darren's interpretation, and since, again, there is nothing in his license preventing retroactive application of clarifications or changes (and Darren certainly sees this as a clarification, since he never specifically allowed modifications), it applies.
4. People complain they cant do things they ASSUMED were okay.
No, people are complaining that they can't do things that the license absolutely did not forbid before,
And absolutely did not allow. Once again, authority over unmentioned aspects reverts to the copyright holder - in short, Darren. Had someone asked earlier, they would have received the same answer. Instead, many assumed.
and which are a perfectly normal part of the "use" of the software source code.
"Use" can just as easily mean simple reading and compilation. Modification is explicitly allowed by other open source licenses.
In fact, that is a far superior solution, because it will prevent him from waiting until the competing software is complete, and then calling it illegal because of further "accidently left out" clauses forbidding reverse engineering the software and so forth and so on,
No sense doing that, as the source code is available for viewing and compilation, just not modification. In any event, rights not specifically granted by the copyright holder in a license revert to the copyright holder, to dole out as he or she sees fit.
and oh, that nondisclosure note he sort of forgot again to put into his "open" source, but which conveniently added just before the latest lawsuit he filed...
Non-disclosure would need to be specifically mentioned in this case, since he allows the source to be viewed, compiled, and outside of certain test releases distributed. An NDA would be a restriction on top of the previous rights he specifically granted to others, and would have to be specifically mentioned. Modification rights were never specifically dealt with.
Someday, you're going to die. Get over it.
Yes, the -submitter- failed to mention or discover that Reed only meant the redistribution restriction to apply to certain test releases. However, the restrictions on modification apply to -all- releases, past and future.
For another thing, this isn't panic; this deals with legitimate license questions, and raises issues of using non-free-licensed code in free/open-source software. IPFilter's license does not allow any modification without the author's permission; although I don't imagine Reed being evil over modifications being made for the *BSDs, it still goes against some of the spirit of OSS, and it calls into question how lax software maintainers should be about the licenses they allow into their software, especially when a clarification like this reveals restrictions that weren't explicitly mentioned previously, but are assumed to apply retroactively.
I can forsee a code license audit coming soon after this incident.
Someday, you're going to die. Get over it.
An interesting thing is that Todd Fries bought the openipf.org domain on May 25.
Todd contributes to many opensource projects, like OpenSSH .
So maybe it means that IPF have the same future than SSH : a really free implementation will follow.
At the same time, Linux Netfilter is growing. While it's not as mature as IPFilter, it's definitely featureful, and going in the right direction.
So maybe the BSD folks can work with the Netfilter dudes instead of reinventing the wheel. We would get only one free packet filtering system, but common to many system, with many developpers, and that would beat everything.
Porting Netfilter to BSD systems is not impossible. Internal socket structures are different, but the way protocols are analyzed can be left unchanged. And it should be also easy to code a parser that would rewrite IPF rules into Netfilter rules, so that people would be able to easily migrate.
{{.sig}}
Hub