RedHat forks OpenSSH?

Paul Iadonisi pri.rhl3 at iadonisi.to
Tue Nov 9 02:11:37 UTC 2004 

On Mon, 2004-11-08 at 20:50, Damien Miller wrote:

[snip]

> I'm not suggesting that Redhat has made clandestine changes, any such
> changes aren't really clandestine when they can be revealed with "diff".
> I am saying that we don't have the time (or the desire) to go and check
> what changes RedHat make to their tarball for each release.

  Well, it took me less time to determine what the change was, guided by
the very name of the tarball, than it did to read your message.   So you
didn't have the time (that turned out to be minimal) to look at the
simple change, but *did* have the time to post your missive which
presumably took longer to write than it did to read (almost always the
case).
  So you had time to lob charges at Red Hat, but no time to investigate
those very charges.  I see.  As they say on /., RTFA, or in this case
RTFS (source).

>  Patches are
> easy: they are instantly readable and most of them don't change from
> release to release anyway.

  And this wasn't far from that.  You could have taken an only very
slightly more detailed look to discover what had been done.  (BTW, if
you don't know *why* it was done, you are ignoring legal precedent here
in the USA, Red Hat's home country.)  You would have been able to
determine pretty quickly if it was going to involve more time and made a
decision at that point.
  Let me put it this way.  If you are going to post such an
controversial missive (and please don't say you didn't know it would be
controversial ... if that's true, it was rather naive), you had a
*responsibility* to investigate further.  To do otherwise is to admit
Darl McBride's legal strategy has merit.

> Given the choice of improving OpenSSH vs. chasing up hidden vendor
> changes motivated by a misguided legal department before I can determine
> whether a bug report is valid, I know which will always win.

  I love it when people outside of a company imply that their legal
advice is better than the company's own internal legal team by calling
their legal team 'misguided'.
  I thoroughly respect developers' contributions, and the time demands
on them.  But that's no excuse for posting a relatively long message to
public mailing lists before sending a brief "what's up with this" email
off to the maintainer of Red Hat's openssh package.

> Some people have taken offence to my cross-posting, I don't understand
> why; my original message is of relevance to openssh users, Fedora users
> and Fedora developers - the very lists that I posted to.

  See above.  A quick (and much shorter, by the way) message to the
package maintainer would have gotten you an answer without the need for
asbestos underwear.
  And if I haven't said it enough, OpenSSH (and OpenBSD!) rocks!  Thanks
for what you guys have done.  Thank goodness *someone* picked up the
ball when the original ssh got less and less free.

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets

More information about the fedora-devel-list mailing list