[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Re: wolfSSL port to openSSH
From:       "larry () wolfssl ! com" <larry () wolfssl ! com>
Date:       2016-02-18 17:34:13
Message-ID: BE77169C-0C0F-406F-9601-8B4DCAE342A6 () wolfssl ! com
[Download RAW message or body]

Dirk-Willem, Angel, et al,

Sorry for the delayed response.  I tried to post this earlier but it was held up by \
the mailing list manager.


> On Feb 10, 2016, at 2:59 PM, Ángel González <keisial@gmail.com> wrote:
> 
> On 28/12/15 18:32, Kaleb Himes wrote:
> > Greetings OpenSSH developers,
> > 
> > wolfSSL now has a stable port for any interested we are nearly ready to
> > submit a pull request to openssh-portable repository.
> > 
> > For any and all interested we are ready for some alpha testing. Testing
> > should be as easy as doing the following steps:
> > 
> 
> It's already a big patch, and I note you have quite a number of cosmetic changes
> (whitespace only) spread on it, which doesn't help reading them :(
> 
> 
> I wouldn't recommend including such changes in an unrelated patch, or at least I \
> would split them in a standalone patch with just cosmetic changes..

We're happy to make some changes for readability.

> 
> 
> And then the license issue:
> Dirk-Willem van Gulik wrote:
> 
> > 1) Fair to assume that you would expect (user and) distributor of a (binary or \
> > source) distribution of an openssh+wolfssl (As opposed to an openssh+openssl) to \
> > have agreed to BOTH the: 
> > a)	the OpenSSH license
> > 
> > -and-
> > 
> > b)	the GPL (or a commercial license entered into with WolfSSL) ?
> > 
> > and that (at least) the GPL covers the entire derived work ? (the OpenSSH license \
> > does not). 

Correct.  

> > 
> > 2) And secondly (- are you, as the authors, all -) offering these OpenSSH \
> > modifications (i.e. the ‘patch) to the world (or to OpenSSH) as part of the \
> > work ? 

Our patch is made available under the OpenSSH license.  GPL does not come into the \
picture unless someone is building in the GPL version of wolfSSL and distributing it.

> > 
> > Or do you see the patch itself as something purely for OpenSSH; sufficiently free \
> > of entanglement to be redistributed solely under the OpenSSH license agreement ?

Yes!  We want to have it there for a number of reasons.  Some notes on why we think \
users and developers of OpenSSH will benefit from having this conditional compile \
generally available:

1.  We will support and maintain it for both commercial and open source users.  We \
have to maintain it for our existing commercial customers anyway.

2.  This will provide a readily available alternative to OpenSSL's crypto.  There's a \
lot of reasons to have an alternative readily at hand.  

3.  We have FIPS 140-2 support available to those who need it.

4.  We will be happy to consider feature requests from the OpenSSH community.  For \
example:  new ciphers, special build recipes, etc.

> > 
> > Thanks,
> > 
> (I understand Dirk meant OpenSSH, not OpenSSL)

Thanks!  I went ahead and corrected that above, for readability.

> 
> This may seem like administrativia, but it's a very important factor for success. \
> If for whatever reason you are not willing to something more compatible (like \
> LGPL), I urge you to include a FOSS License Exception (a clause excepting from the \
> viral to other free (libre) programs, like OpenSSH, without having to relicense it \
> under GPL - while keeping WolfSSL code GPL). See \
> https://www.mysql.com/about/legal/licensing/foss-exception/ as an example of this.

We are super familiar with the FOSS exception, and plan to apply it to the \
combination of wolfSSL/OpenSSH.

Will any of you guys be at RSA to discuss?  

Does it make sense to put together a group chat to hash out any further questions?

Finally, how does the OpenSSH community make a decision on something like this?


> Regards
> 

Larry Stefonic
www.wolfssl.com
http://twitter.com/wolfSSL
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic