From: Richard Kaszeta <kaszeta@me.umn.edu> Date: Thu, 27 Aug 1998 11:09:05 -0500 (CDT) To: Tommi Virtanen <tv@debian.org> Subject: Re: SSH v2 [intent to package] Tommi Virtanen writes ("Re: SSH v2 [intent to package]"): > I will package it as ssh2, make it provide /usr/sbin/ssh2d > etc, and the user can change the symlinks (/usr/bin/ssh) to > choose which version to use. That's the upstream solution.. I'd suggest not packaging it at all, since I believe that ssh 2.x may be breaking copyright laws. Excerpts from a post to comp.security.ssh by the BMP author, http://x9.dejanews.com/getdoc.xp?AN=385027617&CONTEXT=904233996.1587478642&hitnum=0 >I took a look at the "new" bignum code of SSH 2 today. These guys worked >hard writing this bignum code. Or perhaps they did not. Perhaps the code >isn't really new at all. >The replaced the names of GMP functions by adding a "ssh_" or "SSH_" prefix. >Sometimes they also replaced some variable names. Okay, they omitted lots >of functions and wrote a few new ones too. >Of course, taking GPL code (or in the case of GMP, LGPL code) and modifying >it is OK as long as you retain the FSF copyright notice. But the SSH 2 >bignum code has stuff like this in the header: > Author: Somebody <somebody@ssh.fi> > Copyright (C) 1996-98 SSH Communications Security Oy, Espoo, Finland > All rights reserved. and then he presents a side-by-side example of GMP and SSH code showing how SSH 2 steals without attribution code from GMP. I encourage anyone interested in ssh 2.x to check this out for themselves. -- Richard W Kaszeta Graduate Student/Sysadmin bofh@me.umn.edu University of MN, ME Dept http://www.menet.umn.edu/~kaszeta -- To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org