On Sun, Feb 06, 2011 at 08:42:27AM -0500, Bill Moran wrote:
> 
> Also, I'm having trouble understanding how people like that get grants
> to do work like that.  On the one hand, they obviously know enough about
> cryptography to make improvements.  On the other hand, they can't seem
> to get a grip on the fact that the code will need to have a license
> before anyone can grab it and incorporate it.  I can't find anywhere on
> that page where it tells me what terms I am allowed to use those patches
> under.

A lack of concern for specific licensing seems to be a big problem in the
open source world -- particularly the copyleft world.  Many people seem
to think that if they say "open source" it means "GPL", and they don't
have to tell anyone they're releasing it under the terms of the GPL.  The
license ends up buried under some second-order subdirectory in a tarball
that isn't the supposedly preferred means of getting the software in
question.  Occasionally, the same kind of lack of concern is employed
with distributing something under some other open source license, and
occasionally an announcement that something is open source comes with the
author's assumption that no license is needed at all.

It drives me up the wall.


> 
> Also, it would be nice if those folks kept track of dates.  Like, how long
> have those patches been available?  There's not a single date on any of
> those pages or the files involved.  The reason I point this out is because
> OpenSSL is _extremely_ sensitive software.  I don't want to see any
> large changes to it released until they've been in testing for months,
> if not years.  For all we know, these speed improvements are riddled with
> dozens of security flaws.

I agree that dates are important, too.  These days, there is little or no
excuse for offering open source software to the world without storing it
in a publicly accessible version control system's repository, which will
automatically track commit dates for everything anyway.


> 
> Also, any reason why you're asking these questions of FreeBSD and not of
> the OpenSSL project?

I think we're discussing OpenSSH rather than OpenSSL.  Am I mistaken?

They are not the same project.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
