Slashdot Mirror

← Back to Stories (view on slashdot.org)

For OpenBSD, "No More Apache Updates"

Posted by Hemos on from the the-end-of-an-era dept.

joshmccormack writes "On June 6th Henning Brauer, an OpenBSD developer announced on one of the OpenBSD mailing lists that the version of Apache shipped with OpenBSD will stay with 1.3.29, due to Apache's license changes. There will be bug fixes, but no more updates. Discussion on blogs, websites and mailing lists on what's next bring up some interesting ideas and strong opinions. Difference of opinion and control have been catalysts to the growth of OpenBSD in the past. Will this be like the birth of pf in OpenBSD, or even the start of OpenBSD itself?"

11 of 128 comments (clear)

  1. Re:No posts thus far - an omen? by Goo.cc · · Score: 3, Interesting

    de Raadt's stance on licensing is the proper road to take, and commendable. From my observations, Debian is the only other operating system group that is as dedicated to free software as OpenBSD is.

  2. Other OS vendors by DieNadel · · Score: 3, Interesting

    What are other OS vendors doing? It's clear that the new license isn't GNU compatible, and I think that Debian is also going into a direction similar to OpenBSD on this matter.
    Anyone care to elaborate on this?

    --
    Utinam logica falsa tuam philosophiam totam suffodiant!
    1. Re:Other OS vendors by Brandybuck · · Score: 4, Interesting

      The old Apache license wasn't GPL compatible either. In neither case should it affect Debian unless they choose to make a political stink out of it.

      --
      Don't blame me, I didn't vote for either of them!
  3. Re:So what? by the+morgawr · · Score: 2, Interesting

    how well does it handle dynamic content (like using php and perl)? Obviously it can't use mod*; so is it restriced to CGI? Wouldn't CGI be a step back as far as speed and security go?

    --
    The policy of the United States is worse than bad---it is insane. -- Ludwig von Mises, Economic Policy(1959)
  4. Not a real problem by jpkunst · · Score: 4, Interesting

    I don't think this will be a real problem. If Apache is no longer allowed in the OpenBSD base system it can simply be moved to ports/packages, and it will be just a pkg_add away - just as is now the case with Apache 2.0.

    JP

    1. Re:Not a real problem by jpkunst · · Score: 2, Interesting

      But since everything is open source, it should be possible to apply any OpenBSD security patches to 1.3.31 or later, and offer that one (in ports/packages) as 1.3.31 (+ patches), right?

      JP

  5. Re:No posts thus far - an omen? by xoboots · · Score: 5, Interesting
    Do you think Cicso would have put a GPL'd SSH into their products? Probably not: they'd have done their own management application, which would only run on Windows machines or a few Unixes, or stuck with telnet. GPL advocates would probably say that was a "victory for freedom of the code", as the (hypothetical) GPL-SSH code wasn't used to make a profit by the evil Cisco. BSD advocates would prefer that the code be FREELY USED by ANYONE, including Cicso, Microsoft, Sun, HP, Intel, Motorola, IBM, and anyone else. Restricting ANYONE, no matter how "evil" they are perceived to be by someone is very much against the point of the BSD license.

    FOOL. The GPL does not restrict anyone from using GPL licensed code. It restricts the ability to hinder or encumber the code and that is the choice that users must make. BSD is free beer, certainly--no wonder corporations love to suck it up. GPL is free code--the code itself is free from the whims of its users. What is the difference? BSD derived code (which may be FAR more useful than the original sources) can disappear while GPL derived code can not. You're right about one thing: the GPL is *NOT* about user freedom while the BSD is. I suggest that the GPL is far more important to software as a result. I don't care whether CISCO or whomever makes money--I care that quality code remains in the community. (AND note, they can equally well make money with GPL'd code--they only have to share back their modifications. Is that really asking too much?)

  6. Re:So what? by Triumph+The+Insult+C · · Score: 3, Interesting

    no, downloading apache elsewhere and running it is not recommended. the asf/apache still has got security bugs that are patched by openbsd/apache, but they (asf) refuse to accept the patches. that's why the openbsd description is (1.3.29 ... + patches)

    --
    vodka, straight up, thank you!
  7. Re:This s about Patents and it is a strange compla by TiggsPanther · · Score: 3, Interesting

    I think this is where the problems come in. From what I can tell (be warned: legal-speak confuses me immensely) it seems to be a necessary change because of the recent furore about software patents. It seems to be merely a restriction to prevent patent-holders from contributing their ideas to the codebase and then down the line trying to charge for use.

    The problem then appears to stem from the fact that said restriction is a restriction - and is incompatible with the majority of current free/open licenses.
    Or something, anyway. but basically it looks like changes which are a good idea in theory are incompatible with the letter of a lot of F/OSS licenses. And, like it or not, this means that it can cause problems unless/until the GPL/BSD/WTF licenses catch up with the changes.

    I'm not so sure it's that the changes are nevessarily a "bad thing", more that the various F/OSS groups are showing that they take licensing seriously. And with the current anti-free FUD going around, showing that they will take serious steps to avoid breaking licenses can only be a positive step.
    Sadly, the drawback is that to Play By The Rules sometimes they have to make unpopular decisions. But the flipside is that, if necessary, they can still fork from earlier versions.

    Tiggs
    --
    Tiggs
    "120 chars should be enough for everyone..."
  8. Re:So what? by c13v3rm0nk3y · · Score: 1, Interesting

    Hmmm. Non-forking model.

    For specific solutions requiring fast startup and minimal size for serving static pages, I bet thttpd is perfectly reasonable.

    I'm not sure a non-forking, 100% in memory, server can replace a full commercial installation of Apache (when tuned properly, that is).

    Not having looked at thttpd in any real way, this is my first concern.

    I also depend on a fair amount of module support in Apache (so obviously, I'm not _that_ concerned with performance!) so switching to some new model might be a bit of a challenge.

    Now that I think about it this way, I wonder how useful a "J2EE" model of webserver might work. Have a standard server framework that one can tweak via add-ons. Whether this is done via JavaBeans, or native plugins is not the point. I'm only riffing on the idea of a standard server framework that can implement a true plugin protocol using some kind of published and open API.

    I'm sure this has been thought of already. I wonder if there is an implementation (other than general-purpose app servers, like JBoss)?

    --
    -- clvrmnky
  9. Re:So what? by geoffspear · · Score: 2, Interesting
    Well, actually reading the resulting pages instead of just looking at the numbers would help a bit.

    I, for one, am shocked that there are 26,000 total pages that mention thttpd at all, let alone with "security" thrown in.

    --
    Don't blame me; I'm never given mod points.