Dirk-Willem, Angel, et al,
Sorry for the delayed response. I tried to post this earlier but it was held up
by the mailing list manager.
> On Feb 10, 2016, at 2:59 PM, ?ngel Gonz?lez <keisial at gmail.com>
wrote:
>
> On 28/12/15 18:32, Kaleb Himes wrote:
>> Greetings OpenSSH developers,
>>
>> wolfSSL now has a stable port for any interested we are nearly ready to
>> submit a pull request to openssh-portable repository.
>>
>> For any and all interested we are ready for some alpha testing. Testing
>> should be as easy as doing the following steps:
>>
>
> It's already a big patch, and I note you have quite a number of
cosmetic changes
> (whitespace only) spread on it, which doesn't help reading them :(
>
>
> I wouldn't recommend including such changes in an unrelated patch, or
at least I would
> split them in a standalone patch with just cosmetic changes..
We?re happy to make some changes for readability.
>
>
> And then the license issue:
> Dirk-Willem van Gulik wrote:
>
>> 1) Fair to assume that you would expect (user and) distributor of a
(binary or source) distribution of an openssh+wolfssl (As opposed to an
openssh+openssl) to have agreed to BOTH the:
>>
>> a) the OpenSSH license
>>
>> -and-
>>
>> b) the GPL (or a commercial license entered into with WolfSSL) ?
>>
>> and that (at least) the GPL covers the entire derived work ? (the
OpenSSH license does not).
Correct.
>>
>> 2) And secondly (- are you, as the authors, all -) offering these
OpenSSH modifications (i.e. the ?patch) to the world (or to OpenSSH) as part of
the work ?
Our patch is made available under the OpenSSH license. GPL does not come into
the picture unless someone is building in the GPL version of wolfSSL and
distributing it.
>>
>> Or do you see the patch itself as something purely for OpenSSH;
sufficiently free of entanglement to be redistributed solely under the OpenSSH
license agreement ?
Yes! We want to have it there for a number of reasons. Some notes on why we
think users and developers of OpenSSH will benefit from having this conditional
compile generally available:
1. We will support and maintain it for both commercial and open source users.
We have to maintain it for our existing commercial customers anyway.
2. This will provide a readily available alternative to OpenSSL?s crypto.
There?s a lot of reasons to have an alternative readily at hand.
3. We have FIPS 140-2 support available to those who need it.
4. We will be happy to consider feature requests from the OpenSSH community.
For example: new ciphers, special build recipes, etc.
>>
>> Thanks,
>>
> (I understand Dirk meant OpenSSH, not OpenSSL)
Thanks! I went ahead and corrected that above, for readability.
>
> This may seem like administrativia, but it's a very important factor
for success. If for whatever reason you are not willing to something more
compatible (like LGPL), I urge you to include a FOSS License Exception (a clause
excepting from the viral to other free (libre) programs, like OpenSSH, without
having to relicense it under GPL - while keeping WolfSSL code GPL). See
https://www.mysql.com/about/legal/licensing/foss-exception/ as an example of
this.
We are super familiar with the FOSS exception, and plan to apply it to the
combination of wolfSSL/OpenSSH.
Will any of you guys be at RSA to discuss?
Does it make sense to put together a group chat to hash out any further
questions?
Finally, how does the OpenSSH community make a decision on something like this?
> Regards
>
Larry Stefonic
www.wolfssl.com
http://twitter.com/wolfSSL