Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 6 Feb 2011 10:40:57 -0700
From:      Chad Perrin <>
To:        FreeBSD <>
Subject:   Re: OpenSSH could be faster...then why don't they path it??
Message-ID:  <20110206174057.GA22368@guilt.hydra>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 06, 2011 at 08:42:27AM -0500, Bill Moran wrote:
> Also, I'm having trouble understanding how people like that get grants
> to do work like that.  On the one hand, they obviously know enough about
> cryptography to make improvements.  On the other hand, they can't seem
> to get a grip on the fact that the code will need to have a license
> before anyone can grab it and incorporate it.  I can't find anywhere on
> that page where it tells me what terms I am allowed to use those patches
> under.

A lack of concern for specific licensing seems to be a big problem in the
open source world -- particularly the copyleft world.  Many people seem
to think that if they say "open source" it means "GPL", and they don't
have to tell anyone they're releasing it under the terms of the GPL.  The
license ends up buried under some second-order subdirectory in a tarball
that isn't the supposedly preferred means of getting the software in
question.  Occasionally, the same kind of lack of concern is employed
with distributing something under some other open source license, and
occasionally an announcement that something is open source comes with the
author's assumption that no license is needed at all.

It drives me up the wall.

> Also, it would be nice if those folks kept track of dates.  Like, how long
> have those patches be available?  There's not a single date on any of
> those pages or the files involved.  The reason I point this out is because
> OpenSSL is _extremely_ sensitive software.  I don't want to see any
> large changes to it released until they've been in testing for months,
> if not years.  For all we know, these speed improvements are riddled with
> dozens of security flaws.

I agree that dates are important, too.  These days, there is little or no
execuse for offering open source software to the world without storing it
in a publicly accessible version control system's repository, which will
automatically track commit dates for everything anyway.

> Also, any reason why you're asking these questions of FreeBSD and not of
> the OpenSSL project?

I think we're discussing OpenSSH rather than OpenSSL.  Am I mistaken?

They are not the same project.

Chad Perrin [ original content licensed OWL: ]

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v2.0.14 (FreeBSD)



Want to link to this message? Use this URL: <>