A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 3562 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010214/5489bfec/attachment.bin
mouring at etoh.eviladmin.org
2001-Feb-15 03:12 UTC
Tatu Ylonen's message to the OpenSSH developers
On Wed, 14 Feb 2001, Jim Dennis wrote: [..]> However, it's equally a pity that no one has come out with a fully > independent protocol compatible re-implementation. Tatu published > his sources, and a full description of the protocols (both versions?) > and has actively encouraged (through his participation in the IETF) > an independent implementation. (IETF guidelines strongly suggest, > nigh onto *require* multiple independent and interoperable > implementations of all new Internet standards). lsh/psst > (http://www.net.lut.ac.uk/psst/) seems to be a moribund project; the > fact that it hasn't even become available as a Debian package in > unstable is testimony to that. >I'm sorry, but this feels like a massive sales pitch. And I'm not buying the your 'Evil OpenBSD group' story. First off.. Why are you discounting the other implementations and trying to 'sell' psst? What about FreSSH? Mindterm? The Java(tm) Telnet Application/Applet? And more.. Just I'm too busy to look them up. Please don't attempt to feed people the crap that 'Oh there is only three implementation and one is not "independent"'. Secondly, you can't tell me that all we did was "steal all of Tatu's work" and then sat around going "Oh we did a great job. Oh we are such wonderful people." Markus has spent a lot of hours re-implementing v2. Not counting the hours of clean up v1 protocol. Stripping out the crude that has accumated over the years. Allowing the portable group to carely add in multiple platform support in a sane and auditable way. Please push your political non-sense somewhere else. We have development to actually do. If you feel psst is so much better (as your email states) then I suggest you go and help them improve their product and then let the public decide which one they will trust and use. - Ben
> > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I personally applaud Tatu Ylonen's restraint and tact in his message > to the OpenSSH developers list. I think it's long overdue. >Even though I privately answered him as an irate customer, I will give him that he expressed his intentions in an appropriate professional manner despite the fact that I believe his intentions were inappropriate and unprofessional.> It's a pity that SSH(TM) isn't completely free. It's a pity that > Tatu hasn't found a revenue model that would allow him to release > under the GPL or BSD licenses, or to create a DFSG compliant license. > Obviously, revenue models are a hard problem for free software -- and > some people do need to live off their programming labors. I can't > begrudge Tatu (or others) that. >No one that I know of has faulted Tatu and his company for making his product closed source. That is not the argument. The argument is against: a) His claim of ssh as trademark. b) His claiming that ssh used within another word sullies his trademark. c) Claiming the use of this trademark causes confusion and thus pain to his company. Concerning a) I must say that I find it amazing for many reasons that any legal system would allow him the trademark: a) It is in common use and has been in use for years as a description of a protocol not a companies product. b) The term ssh was actually used by borne type shell before "ssh" as we know it came arround. Concerning point b) and c), it is clear beyond a shadow of doubt that OpenSSH and some of the other SSH's out there are not Yatu's product, and it is certainly not the intent of any project developing ssh protocols (that's what they are called in the RFC's) to make users believe that they are Tatu's product. Their only wish is to develop efficient secure applications that are complient with the RFC's concerning the protocol SSH. You will also note as he has decided to call his product the same as the protocol it conforms to, he falls into the same situation as the countless companies that produce telnet and ftp programs that do the telent and ftp protocols. Long ago I was a tech at Serial Comm. Company, and I can assure you that I got emails and phone calls for xmodem, ymodem, and zmodem implementations that we did not produce. Its the nature of the business.> Unfortunately I think that Tatu will be castigated for his message > and I'd like to go on record as saying that all the complainers > should stuff it! Go help Martin Hamilton and the rest of the psst > team if you insist a fullly GPL version of an ssh(TM) compatible > package. (Or help get InterNIC to adopt a secure DNS version of BIND > *and* to publish keys and sign their top level zone data --- and > otherwise help us realize IPSec). >Of course he should unless he changes his mind. First of all if he wants to differentiate himself from the rest, it is the area of service that he will be able to do so. If he wants to differentiate his products from other products that do the SSH protocol, than provide the easiest, most documented, most feature rich product that does SSH protocol. Provide solutions for business, not a trademark (not that a business should not have a trademark).> Meanwhile the OpenSSH [sic] team should probably consider renaming > their package OpenSecsh (possibly to be pronounced like a drunk > commenting on "promiscuous sex"). I suspect that Tatu would have no > complaint about their use of the IETF name for the protocol --- and > he hasn't even asked them/us to change the name of the binary. >I am not a member of the team, but I sincerely hope they do not unless forced to do so. This definately a case of straining gnats and swallowing camels whole...james