RedHat forks OpenSSH?

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Nov 9 14:30:12 EST 2004



On Mon, 8 Nov 2004, Dan Kaminsky wrote:

>
> >Impolite in the fact they take a clean tarball and physically remove code
> >from it instead of using the native RPM patch methodology.  Thus you have an
> >unsignable and unverifiable *.tar.gz file within the srpm.
> >
> >
> The point is that they can't ship SRPMs with ACSS, built or not.
> Negative patches still contain the offending code, even as they say
> "don't build this".
>

.. Thus giving them an excuse to have bad manners and not provide any
notification within the SRPMs that it isn't "pristine" code.

Honestly, Dan.  Do we really want to encourage such behavior?

Fine.. Redhat is misguided and thinks they have to remove the code.  Fine,
let them.  But let them CLEARLY AND UNMISTAKABLY mark the thing as *NOT*
being "pristine" code.  So people can MAKE their own choices.  That is
what "Open Source" is all about?  Being utterly transparent so people can make
their own choices and not be "forced down a SINGLE person's path?"

BTW.. Does Redhat modify the *.tar.gz for the "could be illegal patent
usage" that is within the Truetype font server shipped with X?  Or do they
just not ship it enabled by default?

If they do ship it with it just turned off.. Then they better rush out
and remove the code.  Along with all the other stuff marked questionable.
Otherwise they are being pretty two-faced about the whole issue.

- Ben



