RedHat forks OpenSSH?

Richard Holland richard at drdispatch.com
Fri Nov 12 11:25:52 EST 2004


I work for lawyers, have for 5 years now.  I consulted several on this 
issue, some educated enough on this area of law, others not.  A lot of 
what's said here is true on both accounts.  What Theo De Raadt says 
about "trade secret" law appears to be true, he's not blowing steam up 
your asses.  They all agree it's somewhat questionable as to wether or 
not what OpenSSH is doing with aacs is "illegal".

Discussing this issue over some scotch with one attorney, one I consider 
a good friend, after hearing the basic flow of this argument he posed 
this question:

"Why do the OpenSSH folks care?  If Red Hat took their code and is 
distributing in a state they don't like, refuse to support it.  Being 
that a simple civil law suit from one of these hardball prick 
organizations like the MPAA/RIAA hell bent on protecting their property 
or whatever the hell can destroy a publicly held company once the media 
gets wind of the lawsuit being filed". 

If Red Hat removed this code in question from a legal standpoint, it's 
probably just a safegaurd and perhaps not needed.  Red Hat wouldn't care 
to have the media saying bogus things like "Red Hat, provider of Linux, 
is using some super encryption code and distributing it illegally".  
Untrue as that is, it would affect stock price.  This is a possible 
motivation.

This is obviously not an issue OpenSSH should bother caring about.

Red Hat is distributing OpenSSH's project and work in a state they deem 
as being hard for OpenSSH to support.  Red Hat can either fix it, or 
have their tarball recognized as something OpenSSH neither condones nor 
will support.

OpenSSH seems firm in their stance, so that is that. 

Red Hat probably should properly contact the OpenSSH people and explain 
why this was done.  Perhaps they feel they have fixed something here.  
It is possible that this code hack has nothing at all to do with US 
law.  Anytime you change a person's code you should provide a reason 
why, it may be beneficial to the original code's maintainer.

Don't get confused, the first half of this mail is just me trying to 
explain a reason as to why this list debating the legality of aacs is 
probably moot.  I don't use Red Hat, never have.  I don't agree with how 
they've handled their source changes to OpenSSH.

Richard Holland
Holland Transportation










More information about the openssh-unix-dev mailing list