Slashdot Mirror
IPFilter Clarification
Joe Wanker writes "Darren Reed has posted some clarification on the IPFilter license hoopla. Specifically, counter-smacks Theo for the pile of bad press, states that threats don't do anyone any good, says he expects further releases to continue to contain the same licnese, and mentions that he is working with various core teams of important projects to make things work for everyone."
ok, darren has said that his license has been misinterpreted, that theo has been bad mounthing him and making bad press, the way i see it, theo is right, maybe not about the whole bad press crap, but hey, darren says the end user can modify his code and use it that way, but i was always under the impression that that simply wasnt enough for the bsd license...if i want to modify it and sell it closed source, as long as i give due credit, i should be able to...THAT is the bsd license, that is NOT what darren's license says...maybe i am on crack, i dont think so though, i do think dareen has a little bit of a fantasy going on now. he stepped on a lot of toes and for as non-chalant as he tried to be, he realizes he messed up and now is tried to backtrack in his opinions, if not on the license itself.
The link leads to a post on a mailing list archive. Take the time to read through some of the other comments posted there.
Now I can rest easy, knowing my bsd has been audited not only for security but also for questionable licenses.l
e rs _license)
from: http://www.bsdtoday.com/2001/June/Features496.htm
"After a lengthy (and "fun") discussion with Theo de Raadt, Wietse Venema updated his license. It is now:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that this entire copyright notice
* is duplicated in all such copies.
(ftp://ftp.porcupine.org/pub/security/tcp_wrapp
As you can see, it added the "with or without modification" clause. tcp_wrappers now matches the goals of free open source."
Is that really too much to ask for? But now it's back to my OBSD2.9 install (complete with IPF).
AMF
Or how about his message on the FreeBSD security list, where he describes it as public domain
sorry, the "theo's being mean to me" defence is old, boring and lame. the license as i read it isn't very acceptable to a project that does security audits and, if worse comes to worse, aims to fix security holes in short order.
i don't run any servers that need openbsd's level of security, but if i did it would make me happy that a hardass like theo was running it.
US Citizen living abroad? Register to vote!
I have no clue what the AC you responded to was talking about (perhaps he can clarify?) but I don't think that ipfilter is by far the best packet filter. If you rule out the fact that it is cross platform, which you obviously did since you compared it to iptables, I would suggest FreeBSD's ipfw/ipfirewall as a better alternative. In conjuction with dummynet, divert sockets and natd, it does everything you could possibly want from a packet filter and then some. Fancy adding some extra delay, add packet loss or throttle flows perhaps, individual ones or a number of them, or per protocol or whatever else? want traffic shaping to go with that? per subnet, ip, uid or gid perhaps? no problem, you can do that with ipfw, and with nice, sane syntax.
I also find natd vastly superior to any other nat implementation I used to date. Some people don't like the idea of nat being done in userland, but I never observed any performance problems.
>Darren Reed raises some good points on his >behalf. If one wants to create a piece of >software, and then give it to the open source >community, nobody should go to tell him that he >should release it under some particular license.
:-)
If the software in question is released under a closed license that nothing has really been given to the open source community.
When a license says that distributing modified version is not allowed, THAT is indeed a closed source license.
>All Reed wants to do is to make sure that he >holds the strings in IPFilter development.
Isn't that all that Microsoft wants to do? Hold the strings in Windows and Office development?
I'm hoping that with Darren's most recent clairification that this whole issue is over.
>I also think that Darren Reed has a right to >license HIS code anyway that he damn well pleases.
Agreed. However, Theo also has a right to license HIS project however he damn well pleases and to set standards for inclusion into his project. Darren Reed's last "clarification" said that distributing modified version of IPF was not allowd. That's very much contrary to the stated goals of the OpenBSD project. Theo would have been a hypocrite *not* to pull IPF from OpenBSD.
And don't pretend that you just figured out that Theo can be an ass. Next thing you'll say that RMS is a bit rigid.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Apple is using IPFW in Darwin.
Here's why Reed's new license wording is in fact a change in meaning:
1. He did not in the past correct people who were under the impression
that it was BSD-licensed. Now, copyright law doesn't require this - but
common courtesy does.
See e.g. this thread:
http://false.net/ipfilter/1999_12/0055.html
And of course, Open, Free, and Net BSDs distributing modified versions
w/o any problems.
Now, the original license seemed to allow modification - I base this on
two things, which I have marked with _s :
"Redistribution and use in source _and binary_ forms are permitted
provided that _this notice is preserved_ and due credit is given
to the original author and the contributors."
1. Allowing redistribution in binary form is already allowing derivative
works - the original is distributed only in source form.
2. Removal of the notice would constitute modification - the existence
of this phrase implies that other modifications are allowed.
So, it can definately be argued that Reed's new license is a change in
meaning.
(I tried to post this to my local LUG mailing list, but their server is on crack).
Become a FSF associate member before the low #s are used
Darren's license will not stand up in court. For the last 8 years Darren has been very happy to watch people make changes to his code. Now he wants to retain control. Sorry, it doesn't work that way Darren. You should have told us eight years ago and we would have started our own project. The inability to make modified works makes your code useless, totally. Now, on the matter of a fork. You cannot stop it. Your removal of the words "with or without modification" from the BSD license is not enough. The words "use in source and binary forms is permitted" does not exclude making derivative works. I'm not just talking out my ass here, I have spoken with a number of copyright lawyers who are active in the Open Source community. If you sue, you will lose and you will waste a lot of money doing so. I believe you are aware of this (as you've indicated in other posts) and this is why you have specifically changed the license. Good for you, I wish you had done it eight years ago. Is this a moral thing to do? Well obviously that depends on how you feel about copyright in general. Stallman would disagree, but hey, that's Stallman. So you've bait and switched us all? You claim that you've done all the work and gotten nothing in return. I know how that feels, and I dont begrudge you for changing your license to retain a little more control, but dont try to be an indian giver. You may think you are doing nothing you're not entitled to do, after all, you wrote the code right? Well as I said, if you had made it clear that this was the case eight years ago we could have written some code too. Maybe yours would be better, maybe ours would be better, that's not the issue, the issue is that our code would have come without strings attached. Strings that say that we cant even fix bugs without your permission. Yes, by your interpretation, we can fix em on our private machine, sure, but we cant distribute those changes (actually, I'll inform you that patches are covered under fair use, but that's a poor substitute). Oh I hear you when you say that you'll accept any changes and distribute it for us. I hear you but I also hear the voice of time. Sooner or later you're going to blink out of existance Darren. And who do you think will own your copyright? Your wife, your son, your parents, that's *if* you have a will. Are they going to keep developing your code? Are they going to rerelease your code under a more liberal license? Or are they going to auction it off to the highest bidder who will then have the sole rights to make derivative works for the next 50 years? The fact is, if you close the source we are all left with an unchangable block of code that we cant make changes to. Remember here, I'm talking about your new license, with the specific conditions you have placed on derivative works (which at least was clear about the matter). Come on man, think about the big picture. If you are going to screw with the license, just close it now.
:)
Which is one of the good reasons I should give up ranting
How we know is more important than what we know.
Okay,
In the ORIGINAL license he gave permission..
"Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors"
Then he CHANGED/ADDED/CLARIFIED with..
"Yes, this means that derivitive or modified works are not permitted without the author's prior consent."
So, he didnt want the original changed, or forked.
But now he is saying..
"The licence is intended to mean that people can use (which includes modify or patch or tune, as seen fit) IPFilter as found within FreeBSD/NetBSD for whatever purpose they desire"
SO, in order, you can do what you want, as long as you credit. But no modifications. The license is intended to include modifications.
WHAT?!?!
WHICH IS IT??
Are modifications allowed or not? Yes or no? Its really that simple.
He is in that very hard place where he can either include ALL of bsd, or NONE. Yes, he and Theo are having a spat. Fine, I respect both of their feelings.
And if he wants to have a closed source license, so be it. But just be *CLEAR*. Choose a license. Just one, and STICK to it.
This last statement didnt clarify any more than the last statement did. It has completely confused things.
However, he has now SPECIFICALLY given permission to modify the version in freebsd's cvs.
I would grab that code, fork it, and turn it into OpenIPF.
This all comes down to wanting to help FreeBSD and NetBSD but not Open, because of how they do things. Well guess what? Thats not how BSD works. You either give FREELY, or you can use the GPL and go to the linux side of the fence.
Quit "clarifying" and CHOOSE an existing license so we know EXACTLY what to do with your code.
GPL'd web-based tradewars themed space game
- the less clear ipfilter's license is
- the more clear it is that Darren is rationalizing any interpretation that amounts to "(Free|Net)BSD good, OpenBSD bad"
Is Theo a jerk? I don't know, and I don't care. Local BSD/ipfilter advocates like to joke about the Linux kernel-of-the-month club, in reference to how rapidly and radically the Linux kernel changes. Hell, ipfilter is now in its own license-interpretation-of-the-week club.Here's wishing the best to folks woking on OpenIPF. The BSD folks deserve a good, Free packet filtering package.
Since Darren Reed's previous license is vague, one must look to the circumstances surrounding his use of the license. First, he has allowed his software to be included in and treated as open source software. Second, he may have even claimed his software was open source or lead people to believe this fact. Third, people have dependended upon this fact and may have invested significant, and unquantifiable time and energy into his product via bug fixes, suggestions, etc. Fourth, these people probably did this under the understanding that his software was indeed open source. Under these conditions and through the doctrine of promissory estoppel, Darren may not have the right to provide an alternative interpretation of his license which would not comply with the open source definition (which explicitly includes the right to make deriviative work without asking the creator). Lastly, people should stop calling his software "open source" unless he explicitly grants this right to make derivitive works, and Darren should start correcting people when his software is refered as open source... beacuse his new interpretation of his license clearly isn't open source. Disclaimer: I am not a lawyer.
promissory estoppel n. a false statement treated as a promise by a court when the listener had relied on what was told to him/her to his/her disadvantage. In order to see that justice is done a judge will preclude the maker of the statement from denying it. Thus, the legal inability of the person who made the false statement to deny it makes it an enforceable promise called "promissory estoppel," or an "equitable estoppel." Example: Bernie Blowhard tells Arthur Artist that Blowhard has a contract to make a movie and wants Artist to paint the background scenery in return for a percentage of the profits. Artist paints, and Blowhard then admits he needed the scenery to try to get a movie deal which fell through and there are no profits to share. Artist sues and the judge finds that Blowhard cannot deny a contract with Artist and gives Artist judgment for the value of his work.
I'll buy his stated goal of not wanting to deal with patches that do no apply cleanly (and anyone who has dealt with multiple OS kernel code can attest to the royal pain that re-indenting and like changes are). However, wishing to codify this is guaranteed to rub people the wrong way (and of course, rubbing Theo the wrong way is a surefire way of starting a war).
The whole thing smacks of all parties doing "what-if"s, and Darren falling prey to Fear, Uncertainty and Doubt. Not good.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
- IPFilter is released and everyone (including Darren) believe it is an BSD type OSS license.
- A development version is released with a license that prohibits distribution of modified versions.
- Darren and Theo get into some sort of flame-fest over IPFilter (I don't know nor want to know the details of this).
- Darren gets the original IPFilter checked by a lawyer and then claims that the original license doesn't allow modification. He also pretty much refuses to publicly discuss it (saying "get a lawyer's opinion"), and comes off as an asshole.
- Theo yanked IPFilter out of OpenBSD. That was pretty much all he could do, but he was his usual abrassive self about it.
- Now Darren says the original IPFilter license does allow modification and that he won't change it because that would imply there's something wrong with it.
The problem is that the license is too vague. It doesn't mention modification anywhere. It does grant you the right to "use" the source code. Does "use" only mean study and compile or does it also include modification? This is a vital question to anyone who cares about only supporting/distributing open source software. Just seeing the source isn't enough (although MS would have you believe otherwise). What it boils down to is that whole reason this has become such an issue is that Darren got (rightly) annoyed that he was being made out to be the bad guy and got flammed heavily and then (wrongly) refused to clarify (until now) or change the license.Darren Reed raises some good points on his behalf. If one wants to create a piece of software, and then give it to the open source community, nobody should go to tell him that he should release it under some particular license. All Reed wants to do is to make sure that he holds the strings in IPFilter development. After all, it is *his* software, although available for everybody without fee. And it is under *his* jurisdiction, which license does he want to release it under, not /. community or even Theo. After all, we didn't pay for him to do IPFilter, we really aren't in the position to complain. If he wants to give it free to everyone, we should be thankful.
(This is just my $0.02, don't get all hysterical on my heretic opinions, I'm way too tired to think straight)
This is the place where you write something that will make you seem like a complete idiot.
Bizarre, isn't it?
--
You are not alone. This is not normal. None of this is normal.
Either way, for Reed to then write:
I'm sorry, but all of those people who have, for the last few days, taken Reed seriously and assumed Theo had done something awful, ought to be having second thoughts at this point. Yes, I know the man's hardly a diplomat, but the facts in this case are pretty much plain and in the open: Darren has created a confusing licence, doesn't quite know what to do about it, isn't quite sure what it should mean, and is blaming others for this confusion.
The OpenBSD team are on the verge of putting together an OpenIPF project, the domain has already been registered by Todd Fries. I sincerely hope that they succeed, and can produce something as flexible as IPFilter with a decent licence and consistant, intelligent, project management. It's a crying shame IPFilter will die a death because of this, it's a waste of code and a waste of good work, but in the current way its managed, it has to go.
--
You are not alone. This is not normal. None of this is normal.
Clearly, Darren means "Do not make a fork (OpenIPF) and distribute it, it is illegal". But patching, fixing, tuning, porting should be legal as long as you GIVE CREDIT (as *BSDs always did), and as long as you are not making your own version. *BSDs never made their own versions, they just tuned IPFilter for use in the OS. *BSD folks never distributed (a modified) IPFilter without their OS. And that is why Darren was happy about it. Now if OpenBSD try to do that, it would be a violation.
I don't see why everyone is jumping at Darren, his licence is just to say "Hey, if IPFilter is used to enhance your product, ok, but if you are making IPFilter look like your product (e.g. distribute it separately) - don't try it".
Darren is right, IMHO. Because if he let everyone distribute their own fork of IPF people would still blame him for stuff he hadn't done. The job of an OS is to make an OS, not separate small products. And it has been this way, and will be.
Thank you, Darren for making that clear.
http://www.obfuscation.org/ipf/B SD _Basics.html
http://www.onlamp.com/pub/a/bsd/2001/04/25/Free
http://netfilter.samba.org/netfilter-faq.html
http://netfilter.samba.org/unreliable-guides/