[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page
All in one big page

Other stuff:
Contact us
Archives/search
Calendar
Linux Stocks Page
Daily Updates

Recent features:
- Gaël Duval interview
- LinuxWorld
- Touchphone
- Linux Expo Paris
- Red Hat's IPO filing
- Eric Raymond interview
- Linux Expo '99
Review: Red Hat 6.0
- The Mindcraft Report
- BitKeeper - not quite open source
- Alan Cox interview
- 1998 Timeline

Here is the permanent site for this page.

Leading items and editorials


How free is BIND 8.2? It seems that the developers at Debian have reviewed the license restrictions in the BIND 8.2 release and found that the code implementing the RSA algorithm included from RSADSI (now Security Dynamics), known as DNSsafe, results in BIND no longer being compliant with the Debian Free Software Guidelines (DFSG). After an email discussion with David Conrad, Executive Director of the Internet Software Consortium which maintains BIND, we found that the DNSsafe license addition was not expected to be a significant problem. They had it reviewed by their lawyers and, because the RSA addition is used solely for authentication, the software is still freely exportable.

However, freely distributable and exportable is not necessarily the same as DFSG-compliant. Debian developers found several sections of the DNSsafe license restrictions that violated the DFSG. In particular:

The DNSsafe software cannot be used or distributed separately from the BIND software. You only have the right to use it or distribute it as a bundled, integrated product.
which violates several points of the DFSG, in that it restricts distribution of the software;
The DNSsafe software can ONLY be used to provide authentication for resource records in the Domain Name System, as specified in RFC 2065 and successors. You cannot modify the BIND software to use the DNSsafe software for other purposes, or to make its cryptographic functions available to end-users for other uses.
which violates the DFSG's "use" provisions; and
If you modify the DNSsafe software itself, you cannot modify its documented API, and you must grant RSA Data Security the right to use, modify, and distribute your modifications, including the right to use any patents or other intellectual property that your modifications depend upon.
which has several potential problems.

Essentially, though, the wording of the license is not the issue. As opposed to the rest of BIND, the DNSsafe code itself is simply not free software. Due to the US patent held by RSADSI (now Security Dynamics), any implementation of the RSA algorithm used in the US is subject to RSADSI's patent claim. The license makes it useable and redistributable for both commercial and non-commercial activities, but not part of the wealth of truly free software.

How should this be handled? Well, Debian developers apparently initially contacted ISC and got the impression that nothing could be done about the issue. However, when we passed on David Conrad's comments that creating a branch of BIND that did not contain the RSA code might still be an alternative, they were very interested. This sounds like the best possible solution to the problem, since Debian developers are willing to lose some functionality to keep the software they use totally free. Now we have to wait to see if such a code branch is technically feasible for ISC to create and maintain.

It is in all of our interests to have BIND, which is such an important piece of software for Linux within the Internet, remain both well-maintained and free, at least in some incarnation, without having to wait more than a year for the RSA patent to expire.

Tux loves SCO SCO strikes again. SCO may have been making friendly noises regarding Linux recently, but, according to this page on X/OS, they are up to the same old stuff in Europe. Here, X/OS dissects a bulletin sent out by SCO in Belgium, the Netherlands, and Luxemburg which attacks Linux in many ways. An interesting read. For example:

  • "Linux at this moment can be considered more a play thing for IT students rather than a serious operating system in which to place the functioning, security and future of a business. Because Linux is basically a free-for-all it means that no individual person/company is accountable should anything go wrong, plus there is no way to predict which way Linux will evolve."

  • "Currently there are over forty distributions of Linux competing with each other and as a result there is no single standard. Potentially, this means that software written for one system will not work on another. Therefore it makes more sense to buy a commercial operating system like UnixWare or OpenServer."
There is much more. One wonders why SCO is getting into the Linux services business if they feel so poorly about the system. Please see the X/OS page for a more complete discussion and rebuttal. You may also get the SCO bulletin, but be aware that it is a 2MB PDF file. (Found in NNL).

Red Hat's SEC-mandated silent period is now over. They immediately came out with a set of announcements, which are covered within this issue of LWN on the Distributions and Commerce pages.

LWN was able to get an interview with Red Hat's Donnie Barnes. The discussion wandered over such topics as what will be done with Red Hat's pot of money, how they view "value-added" derivative distributions like Linux-Mandrake, the community stock offering, and more.

Is Sun/StarOffice good for Linux? Bruce Perens raises concerns about StarOffice in this editorial. "Could Sun be building ammunition for its next war? StarOffice may also be an attempt to gain long-term control over the Linux desktop market. By releasing an almost-Open-Source office suite, Sun may be attempting to reduce the demand for an entirely-Open-Source office product."

This Week's LWN was brought to you by:


September 9, 1999

 

Next: Linux in the news

 
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds