RedHat forks OpenSSH?
Theo de Raadt
deraadt at cvs.openbsd.org
Tue Nov 9 13:53:12 EST 2004
> > The DVD CCA's belief that there is "legal 'trade secret' protection for=
> =20
> > CSS". http://www.dvdcca.org/faq.html While the OpenBSD project may not=
> =20
> > be an attractive target for the DVD CCA, Red Hat's lawyers may believe=20
> > that they could be. Even if the DVD CCA is wrong and you are right, it=
> =20
> > could still be expensive, both in legal fees and in lost sales, for Red=
> =20
> > Hat to argue the point in court.
>
> Over a broken and uninteresting cipher, I'm not suprised. In fact, I
> expect Debian will very likely also remove it.
>
> > Or, it can be forked, which it appears Red Hat is doing, albeit in a=20
> > very impolite fashion.
>
> Impolite is the implication that RedHat is forking OpenSSH because
> they're prudently removing specific files which are definitely of a
> questionable legal status.
What is so questionable about them?
Is there a trademark?
Is there a patent?
Were the files written by them, and therefore copyrighted by them?
Last I looked, the files were based on
- entirely legal reverse engineering efforts
- taken by a cast of hundreds on the net
- of a trade secret algorithm
- (which even in the case of DVDs is useless without the
actual keys from the disks, by the way)
- and the actual files in question are written by a german
developer of ours
So when you say 'questionable legal status', which laws are you talking
about?
Because I would love to know.
If ACSS is so bad, are you going remove all the ARC4 ciphers from
your operating system?
Either you tell us which laws you are talking about, or you are
precisely the kind of people who DVD CCA should be pushing around.
They don't have a leg to stand on. ACSS is a multiple-use
cryptographic technology, just like ARC4. Both are stream ciphers,
both have bugs, both were reverse engineered.
But one of them is a fight worth fighting and one of them is
associated with a bunch of spineless wimps who don't understand how to
use previous multiple-use rulings in our favour. Wimps.
More information about the openssh-unix-dev
mailing list