Bugtraq mailing list archives

Re: Kerberos security vulnerability in SSH-1.2.27


From: anne () SSH COM (anne () SSH COM)
Date: Fri, 7 Jul 2000 13:49:00 -0700


On Wed, Jul 05, 2000 at 03:34:30PM -0700, Kris Kennaway wrote:
> I just noticed this myself - FreeBSD is considering dropping both ssh and
> ssh2 from ports now that we have OpenSSH. The message I'm getting here is
> that ssh.com don't want people using their code unless they pay license
> fees. Perhaps the ssh.com folks can confirm their intentions with the
> software as it relates to non-commercial use and inclusion in the
> open-source operating systems.

Not for non-commercial use. For non-commercial use, we have no problems
with you running Secure Shell.

> If you read the new license, it doesn't even give permission to *read* the
> code, let alone patch it, even for portability or bug fixes:
> "You may not: ... (ii) modify, translate, reverse engineer, decompile,
> disassemble or otherwise attempt to reconstruct or discover the source
> code of the Software (except to the extent applicable laws specifically
> prohibit such restriction);..."

Actually, this shouldn't be the case at all. If our licensing is too restrictive
for even patching the code, we need to resolve that.

Please get back to me and let me know. Part of what makes Secure Shell nice
to use is the fact that people do write patches for it (I even maintain a
website for ssh patches, both SSH1 and SSH2).

-Anne
-------------------------------------------------------------------------
Anne Carasik                      | Economists state their GNP growth
Principal Consultant              | projections to the nearest tenth of
SSH Communications Security, Inc. | a percentage point to prove they have
Email: anne () ssh com               | a sense of humor. -Edgar R. Fiedler
-------------------------------------------------------------------------
Unless stated otherwise above, the opinions expressed herein are my own,
                            not of my employer.

