Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests
Linux in the news
All in one big page
Here is the permanent site for this page.
How free is BIND 8.2? It seems that the developers at Debian have reviewed the license restrictions in the BIND 8.2 release and found that the code implementing the RSA algorithm included from RSADSI (now Security Dynamics), known as DNSsafe, results in BIND no longer being compliant with the Debian Free Software Guidelines (DFSG). After an email discussion with David Conrad, Executive Director of the Internet Software Consortium which maintains BIND, we found that the DNSsafe license addition was not expected to be a significant problem. They had it reviewed by their lawyers and, because the RSA addition is used solely for authentication, the software is still freely exportable.
However, freely distributable and exportable is not necessarily the same as DFSG-compliant. Debian developers found several sections of the DNSsafe license restrictions that violated the DFSG. In particular:
The DNSsafe software cannot be used or distributed separately from the BIND software. You only have the right to use it or distribute it as a bundled, integrated product.which violates several points of the DFSG, in that it restricts distribution of the software;
The DNSsafe software can ONLY be used to provide authentication for resource records in the Domain Name System, as specified in RFC 2065 and successors. You cannot modify the BIND software to use the DNSsafe software for other purposes, or to make its cryptographic functions available to end-users for other uses.which violates the DFSG's "use" provisions; and
If you modify the DNSsafe software itself, you cannot modify its documented API, and you must grant RSA Data Security the right to use, modify, and distribute your modifications, including the right to use any patents or other intellectual property that your modifications depend upon.which has several potential problems.
Essentially, though, the wording of the license is not the issue. As opposed to the rest of BIND, the DNSsafe code itself is simply not free software. Due to the US patent held by RSADSI (now Security Dynamics), any implementation of the RSA algorithm used in the US is subject to RSADSI's patent claim. The license makes it useable and redistributable for both commercial and non-commercial activities, but not part of the wealth of truly free software.
How should this be handled? Well, Debian developers apparently initially contacted ISC and got the impression that nothing could be done about the issue. However, when we passed on David Conrad's comments that creating a branch of BIND that did not contain the RSA code might still be an alternative, they were very interested. This sounds like the best possible solution to the problem, since Debian developers are willing to lose some functionality to keep the software they use totally free. Now we have to wait to see if such a code branch is technically feasible for ISC to create and maintain.
It is in all of our interests to have BIND, which is such an important piece of software for Linux within the Internet, remain both well-maintained and free, at least in some incarnation, without having to wait more than a year for the RSA patent to expire.
SCO strikes again. SCO may have been making friendly noises regarding Linux recently, but, according to this page on X/OS, they are up to the same old stuff in Europe. Here, X/OS dissects a bulletin sent out by SCO in Belgium, the Netherlands, and Luxemburg which attacks Linux in many ways. An interesting read. For example:
Red Hat's SEC-mandated silent period is now over. They immediately came out with a set of announcements, which are covered within this issue of LWN on the Distributions and Commerce pages.
LWN was able to get an interview with Red Hat's Donnie Barnes. The discussion wandered over such topics as what will be done with Red Hat's pot of money, how they view "value-added" derivative distributions like Linux-Mandrake, the community stock offering, and more.
Is Sun/StarOffice good for Linux? Bruce Perens raises concerns about StarOffice in this editorial. "Could Sun be building ammunition for its next war? StarOffice may also be an attempt to gain long-term control over the Linux desktop market. By releasing an almost-Open-Source office suite, Sun may be attempting to reduce the demand for an entirely-Open-Source office product."
This Week's LWN was brought to you by:
September 9, 1999