Ask Slashdot: "Pseudo-Free" Software in Major Distributions?

PugMajere submitted the following: "I've been looking into using SSH and rdist to distribute around 2 gig worth of data to about 1000 machines nightly. Rdist (v6.1.5) would be perfect for this, as it automatically forks to send data to multiple machines, but it isn't totally free software. The problem is with SSH. To use SSH with rdist you need the server side of SSH on each of the machines that are running the rdist server. The licensing fees for this are simply astronomical for this kind of application. While researching all this I noticed that Red Hat includes rdist (6.1.5) in its distribution. I also now know the rdist license terms. Rdist isn't free to use in a commercial setting if it involves another company. So, if you have two companies running Linux, that are collaborating on some project, and sharing some of the data using Linux and rdist, they owe Magnicomp money. My real question here is: Does anyone else realize this? How many other packages have similar arrangements that are going to cause major headaches in the future?"

Not so fast...

[Brian+Knotts]

I know that that part makes it sound like you can *use* the software for whatever you like, but...

From the ssh COPYING file:

--------------------------------------------------

(b) You may use the program for non-commercial purposes only, meaning that the program must not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license. Please see Section 2, Restrictions, for more details.

--------------------------------------------------

And...from the ssh FAQ:

--------------------------------------------------

3.2 May I legally run ssh?

The UNIX version of ssh 1.2.27 may be used freely for non-commercial purposes and may not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license. The definition of "commercial use" is generally interpreted as using ssh for anything that would generate financial gain, such as logging into a customers system to do administration, or providing ssh as a secure login to your partners or vendors.

In email between Data Fellows and the maintainer, the following questions were asked and answered:

================================================== =============
S: Steve Acheson, FAQ Maintainer
P: Petri Nyman, F-Secure SSH Product Manager for Data Fellows

S)Can a company use the 1.2.26 release of the SSH software freely for
S)internal support and administration without violating the license
S)agreement?

P)You can freely use it for internal support and administration of your own
P)equipment located in your premises.

S)Does connecting from one machine to another via SSH to
S)read email, do work, etc, violate this agreement?

P)No, unless you provide this ability to a third party or connect to a third
P)party's computer to provide a service.

S)Does connecting from a purchased PC client SSH software to a non-licensed
S)SSH server violate the agreement?

P)No.

S)Does connecting to a remote site, that is not company owned, but company
S)administered, via SSH to do administrative work violate the agreement?

P)Yes. You need a commercial license for that.
================================================ ===============

--------------------------------------------------

So, I'd say that it's at least legally questionable if you use ssh to connect to client machines, or vice-versa.

--

Re: Debian does distribute non-free software

[Bruce+Perens]

There's no non-free software on the Debian Official CD. If you want to use the non-free stuff, you have to get a non-free CD from your CD distributor that's separate from the Official CD, or you have to download it. In either case, the words "non-free" are staring you in the face.

The Debian Social Contract was not written to eliminate non-free software from the face of the earth, but to keep it out of Debian's "main" directory. The contrib and non-free directories aren't an official part of Debian.

Bruce

Re: Debian does distribute non-free software

[Bruce+Perens]

I wrote the scripts that master the Debian Official CD set. The ISO 9660 files that are the output of these scripts are distributed to CD manufacturers by Debian. If you want to call it the Official CD, you can replicate the ISO 9600 images that Debian distributes to you, but you can not change them. You can of course distribute other versions of Debian as long as you do not call them official.

The Official CD ISO 9660 images do not contain non-free software. They do contain an old BSD version of rsync.

Bruce

Summary

[Bruce+Perens]

Let's see if I've got this straight. There are three rsync licenses. The license on their web site is seriously non-free. The license in the red hat version has an addendum to the BSD license that doesn't allow for-profit use, so it's non-free as well. The red hat one-line license indicator just says "BSD" and that's wrong. The Debian version is from 1996 and is under the straight BSD, so it's free software.

Bruce

Re:Welcome to $Linux$

[Bruce+Perens]

Everything in Linux is like this. They grab you by telling you everything is free then when you want to do anything necessary to get a big corporatoin running, your forced to fork over big bucks to companies you've never heard of

That, sir, is why we're so "fanatical" about licenses. To protect you from exactly what you described.

Thanks

Bruce

Re: Debian does distribute non-free software

[Bruce+Perens]

I checked. There's really an addendum to the Red Hat version that makes it non-free. Extract the source package and look just before the usual BSD license text.

Re:ssh / sdist

[arl+bean]

There is a GPL secure shell called lsh under development. See http://www.net.lut.ac.uk/psst/ I have not tried it and it does currently have the warning

This directory contains snapshots of lsh development. lsh is a free implementation of the ssh protocol.
lsh is far from finished; don't expect these snapshots to compile or work, and even if they appear to work, beware that lsh currently does *NOT* provide any security at all.
/Niels Möller

Have you looked at libio license?

[poopie]

Basically this means that you can't make commercial software on linux that uses libio unless you use a GNU compiler.

-----------------------

http://www.cygnus.com/pubs/gnupro/4_libs/c_The_G NU_C++_Iostream_Library/libioIntroduction_ to_Iostreams.html

Licensing terms for libio

Since the iostream classes are so fundamental to standard C++, the Free Software Foundation has agreed to a special exception to its
standard license, when you link programs with libio.a.

As a special exception, if you link this library with files compiled with a GNU compiler to produce an executable, this does not cause the
resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why
the executable file might be covered by the GNU General Public License.

The code is under the GNU General Public License (version 2) for all purposes other than linking with this library which means that you can
modify and redistribute the code as usual; remember that, if you do, your modifications, and anything you link with the modified code, must
be available to others on the same terms.

Open Source Compliance Opinions

[werdna]

In my legal practice, I am more and more frequently asked by clients (one or more a month now) to review ALL licenses of incorporated or embedded open source code and to advise or opine as to the specific obligations arising from the mix of software and the manner in which it the software is mixed with putatively proprietary code.

Unsurprisingly, clients' first question is whether (and if so, how much and how) code must be distributed in open source or at least offered for distribution. They are often surprised that there may be serious questions whether the software can be distbuted at all!

As it turns out, these questions are rarely easy ones to answer, even after assuming that the agreements are all fully enforceable. On the other hand, the failure to perform such an analysis can lead to substantial downsides such as the suggested example.