Slashdot Mirror
IPFilter Clarification
Joe Wanker writes "Darren Reed has posted some clarification on the IPFilter license hoopla. Specifically, counter-smacks Theo for the pile of bad press, states that threats don't do anyone any good, says he expects further releases to continue to contain the same licnese, and mentions that he is working with various core teams of important projects to make things work for everyone."
Now I can rest easy, knowing my bsd has been audited not only for security but also for questionable licenses.l
e rs _license)
from: http://www.bsdtoday.com/2001/June/Features496.htm
"After a lengthy (and "fun") discussion with Theo de Raadt, Wietse Venema updated his license. It is now:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that this entire copyright notice
* is duplicated in all such copies.
(ftp://ftp.porcupine.org/pub/security/tcp_wrapp
As you can see, it added the "with or without modification" clause. tcp_wrappers now matches the goals of free open source."
Is that really too much to ask for? But now it's back to my OBSD2.9 install (complete with IPF).
AMF
sorry, the "theo's being mean to me" defence is old, boring and lame. the license as i read it isn't very acceptable to a project that does security audits and, if worse comes to worse, aims to fix security holes in short order.
i don't run any servers that need openbsd's level of security, but if i did it would make me happy that a hardass like theo was running it.
US Citizen living abroad? Register to vote!
I have no clue what the AC you responded to was talking about (perhaps he can clarify?) but I don't think that ipfilter is by far the best packet filter. If you rule out the fact that it is cross platform, which you obviously did since you compared it to iptables, I would suggest FreeBSD's ipfw/ipfirewall as a better alternative. In conjuction with dummynet, divert sockets and natd, it does everything you could possibly want from a packet filter and then some. Fancy adding some extra delay, add packet loss or throttle flows perhaps, individual ones or a number of them, or per protocol or whatever else? want traffic shaping to go with that? per subnet, ip, uid or gid perhaps? no problem, you can do that with ipfw, and with nice, sane syntax.
I also find natd vastly superior to any other nat implementation I used to date. Some people don't like the idea of nat being done in userland, but I never observed any performance problems.
>I also think that Darren Reed has a right to >license HIS code anyway that he damn well pleases.
Agreed. However, Theo also has a right to license HIS project however he damn well pleases and to set standards for inclusion into his project. Darren Reed's last "clarification" said that distributing modified version of IPF was not allowd. That's very much contrary to the stated goals of the OpenBSD project. Theo would have been a hypocrite *not* to pull IPF from OpenBSD.
Here's why Reed's new license wording is in fact a change in meaning:
1. He did not in the past correct people who were under the impression
that it was BSD-licensed. Now, copyright law doesn't require this - but
common courtesy does.
See e.g. this thread:
http://false.net/ipfilter/1999_12/0055.html
And of course, Open, Free, and Net BSDs distributing modified versions
w/o any problems.
Now, the original license seemed to allow modification - I base this on
two things, which I have marked with _s :
"Redistribution and use in source _and binary_ forms are permitted
provided that _this notice is preserved_ and due credit is given
to the original author and the contributors."
1. Allowing redistribution in binary form is already allowing derivative
works - the original is distributed only in source form.
2. Removal of the notice would constitute modification - the existence
of this phrase implies that other modifications are allowed.
So, it can definately be argued that Reed's new license is a change in
meaning.
(I tried to post this to my local LUG mailing list, but their server is on crack).
Become a FSF associate member before the low #s are used
Since Darren Reed's previous license is vague, one must look to the circumstances surrounding his use of the license. First, he has allowed his software to be included in and treated as open source software. Second, he may have even claimed his software was open source or lead people to believe this fact. Third, people have dependended upon this fact and may have invested significant, and unquantifiable time and energy into his product via bug fixes, suggestions, etc. Fourth, these people probably did this under the understanding that his software was indeed open source. Under these conditions and through the doctrine of promissory estoppel, Darren may not have the right to provide an alternative interpretation of his license which would not comply with the open source definition (which explicitly includes the right to make deriviative work without asking the creator). Lastly, people should stop calling his software "open source" unless he explicitly grants this right to make derivitive works, and Darren should start correcting people when his software is refered as open source... beacuse his new interpretation of his license clearly isn't open source. Disclaimer: I am not a lawyer.
promissory estoppel n. a false statement treated as a promise by a court when the listener had relied on what was told to him/her to his/her disadvantage. In order to see that justice is done a judge will preclude the maker of the statement from denying it. Thus, the legal inability of the person who made the false statement to deny it makes it an enforceable promise called "promissory estoppel," or an "equitable estoppel." Example: Bernie Blowhard tells Arthur Artist that Blowhard has a contract to make a movie and wants Artist to paint the background scenery in return for a percentage of the profits. Artist paints, and Blowhard then admits he needed the scenery to try to get a movie deal which fell through and there are no profits to share. Artist sues and the judge finds that Blowhard cannot deny a contract with Artist and gives Artist judgment for the value of his work.
- IPFilter is released and everyone (including Darren) believe it is an BSD type OSS license.
- A development version is released with a license that prohibits distribution of modified versions.
- Darren and Theo get into some sort of flame-fest over IPFilter (I don't know nor want to know the details of this).
- Darren gets the original IPFilter checked by a lawyer and then claims that the original license doesn't allow modification. He also pretty much refuses to publicly discuss it (saying "get a lawyer's opinion"), and comes off as an asshole.
- Theo yanked IPFilter out of OpenBSD. That was pretty much all he could do, but he was his usual abrassive self about it.
- Now Darren says the original IPFilter license does allow modification and that he won't change it because that would imply there's something wrong with it.
The problem is that the license is too vague. It doesn't mention modification anywhere. It does grant you the right to "use" the source code. Does "use" only mean study and compile or does it also include modification? This is a vital question to anyone who cares about only supporting/distributing open source software. Just seeing the source isn't enough (although MS would have you believe otherwise). What it boils down to is that whole reason this has become such an issue is that Darren got (rightly) annoyed that he was being made out to be the bad guy and got flammed heavily and then (wrongly) refused to clarify (until now) or change the license.Darren Reed raises some good points on his behalf. If one wants to create a piece of software, and then give it to the open source community, nobody should go to tell him that he should release it under some particular license. All Reed wants to do is to make sure that he holds the strings in IPFilter development. After all, it is *his* software, although available for everybody without fee. And it is under *his* jurisdiction, which license does he want to release it under, not /. community or even Theo. After all, we didn't pay for him to do IPFilter, we really aren't in the position to complain. If he wants to give it free to everyone, we should be thankful.
(This is just my $0.02, don't get all hysterical on my heretic opinions, I'm way too tired to think straight)
This is the place where you write something that will make you seem like a complete idiot.
What a mess. This could probably be mostly attributed to a lack of diplomacy on DeRaadt's part, but it seems to me Reed is trying to have his cake and eat it too, and that Theo has done the right thing by removing IPFilter from OpenBSD. The "clarification" of the IPFilter license clearly makes it non-compliant with the BSD license, and therefore it has no business being part of the base distribution. End of story. Yes, Reed is free to do whatever he pleases with his software, but is he truly interested in limiting its usage in this way? What's the use of putting free, open-source software out there and putting such limitations on its usage? And given that the IPFilter license is not a BSD license, and despite Reed's insistence that he will continue to work with the Free/NetBSD crowds, doesn't his license preclude any of the BSDs from distributing IPFilter as part of the OS? If the Free/NetBSD people are serious about their license, they would have to follow DeRaadt's lead on this decision. And then IPFilter's userbase will drop to a handful of people, basically Darren Reed and his closest buddies. Is that what he wants?
As an OpenBSD user, I am disappointed to see IP Filter go, but I understand Theo's decision behind eliminating it. On the principal of it, and despite how I would prefer to see everybody work together instead of get into pissing matches, I would have to agree with him. Theo is a controlling, inflexible person, yes, but he writes good code and sticks to the essential principals behind his OS, including the proactive nature of the code review and the open/free license for its distribution. OpenBSD is, in my experience, clean, stable, straightforward, and secure, and that's probably because of the guiding principals behind it. I'm glad to see Theo continue to stick to his guns, in that regard. Let's hope he refines his diplomatic skills in the future, and perhaps next time he can convince someone like Darren Reed to join the cause out of goodwill instead of react against it out of spite.
Either way, for Reed to then write:
I'm sorry, but all of those people who have, for the last few days, taken Reed seriously and assumed Theo had done something awful, ought to be having second thoughts at this point. Yes, I know the man's hardly a diplomat, but the facts in this case are pretty much plain and in the open: Darren has created a confusing licence, doesn't quite know what to do about it, isn't quite sure what it should mean, and is blaming others for this confusion.
The OpenBSD team are on the verge of putting together an OpenIPF project, the domain has already been registered by Todd Fries. I sincerely hope that they succeed, and can produce something as flexible as IPFilter with a decent licence and consistant, intelligent, project management. It's a crying shame IPFilter will die a death because of this, it's a waste of code and a waste of good work, but in the current way its managed, it has to go.
--
You are not alone. This is not normal. None of this is normal.