RedHat forks OpenSSH?

[Sean O'Malley]

Redhat if they get hit with a major lawsuit, say a 100M dollar settlement.
They go out of business. period. They made 13M last year, -17M in 2002,
and -138M in 2001. They have 700M in long term liabilities (debts).

They also dropped MP3 codec support from their distribution. Sure you can
GET the rpm to add the support, but they don't include it for legal
reasons. Lawsuits can cost millions of dollars even if you win, and RHAT
does not have the cash to sustain any major lawsuits.

The LAST time RH did something like forking, it was over the configuration
files for KDE. RH asked for certain changes between Gnome and KDE to make
user experience more cohesive between the two.  They asked KDE, who didn't
budge and they asked Gnome who didn't budge. And RH made the decision to
just change how all the KDE applications config file worked. The KDE
people were extremely upset. yada yada.

The point is they made the move to help the long term goal of getting
Linux on the desktop. And if you have applications behaving two different
ways it gets really confusing. Good in the long term, crappy to have
developers you are full of shit, and their way is the one true way.



On Thu, 11 Nov 2004, Richard Holland wrote:

> I work for lawyers, have for 5 years now.  I consulted several on this
> issue, some educated enough on this area of law, others not.  A lot of
> what's said here is true on both accounts.  What Theo De Raadt says
> about "trade secret" law appears to be true, he's not blowing steam up
> your asses.  They all agree it's somewhat questionable as to wether or
> not what OpenSSH is doing with aacs is "illegal".
>
> Discussing this issue over some scotch with one attorney, one I consider
> a good friend, after hearing the basic flow of this argument he posed
> this question:
>
> "Why do the OpenSSH folks care?  If Red Hat took their code and is
> distributing in a state they don't like, refuse to support it.  Being
> that a simple civil law suit from one of these hardball prick
> organizations like the MPAA/RIAA hell bent on protecting their property
> or whatever the hell can destroy a publicly held company once the media
> gets wind of the lawsuit being filed".
>
> If Red Hat removed this code in question from a legal standpoint, it's
> probably just a safegaurd and perhaps not needed.  Red Hat wouldn't care
> to have the media saying bogus things like "Red Hat, provider of Linux,
> is using some super encryption code and distributing it illegally".
> Untrue as that is, it would affect stock price.  This is a possible
> motivation.
>
> This is obviously not an issue OpenSSH should bother caring about.
>
> Red Hat is distributing OpenSSH's project and work in a state they deem
> as being hard for OpenSSH to support.  Red Hat can either fix it, or
> have their tarball recognized as something OpenSSH neither condones nor
> will support.
>
> OpenSSH seems firm in their stance, so that is that.
>
> Red Hat probably should properly contact the OpenSSH people and explain
> why this was done.  Perhaps they feel they have fixed something here.
> It is possible that this code hack has nothing at all to do with US
> law.  Anytime you change a person's code you should provide a reason
> why, it may be beneficial to the original code's maintainer.
>
> Don't get confused, the first half of this mail is just me trying to
> explain a reason as to why this list debating the legality of aacs is
> probably moot.  I don't use Red Hat, never have.  I don't agree with how
> they've handled their source changes to OpenSSH.
>
> Richard Holland
> Holland Transportation
>
>
>
>
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>