You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Tasos Andras <kh...@gmail.com> on 2010/04/28 14:05:07 UTC

OpenBSD & the Apache license problem. Why?

Hello

I really wonder why you Apache guys did this:

A news from 2004:

http://tech.slashdot.org/article.pl?sid=04/06/07/1621254

It is 2010 now, and we're still on Apache 1.3.29. What was that license problem?

Let OpenBSD dev guys edit/improve/modify it however they like, please.
(Well, unless they won't change the 'Apache' httpd header)

They are great at security. That will be good for Apache, too. They're
also very well-respected. We all know that.

Freedom? Free? If "free", then make it "free for everyone, every
community, every people" please. Otherwise it is not "free" anymore.

Oh, by the way, what was your answer for:
"There is a number of serious security problems in apache that we have
fixed, and that have been offered them back, and they refused."
@
http://marc.info/?l=openbsd-misc&m=108655793112947&w=2

May i know what did you refuse and why did you refuse?

Thanks.

Re: OpenBSD & the Apache license problem. Why?

Posted by Jeff Trawick <tr...@gmail.com>.

On Wed, Apr 28, 2010 at 8:05 AM, Tasos Andras <kh...@gmail.com> wrote:

> I really wonder why you Apache guys did this:
>
> A news from 2004:
>
> http://tech.slashdot.org/article.pl?sid=04/06/07/1621254
>
> It is 2010 now, and we're still on Apache 1.3.29. What was that license problem?

With all due respect, do some research yourself.  If you can't find
documentation on the web of exactly why OpenBSD rejected the Apache
license change, go ask there.  We don't own that problem.

> Let OpenBSD dev guys edit/improve/modify it however they like, please.
> (Well, unless they won't change the 'Apache' httpd header)
> They are great at security. That will be good for Apache, too. They're
> also very well-respected. We all know that.
>
> Freedom? Free? If "free", then make it "free for everyone, every
> community, every people" please. Otherwise it is not "free" anymore.

Did you read our license?

> Oh, by the way, what was your answer for:
> "There is a number of serious security problems in apache that we have
> fixed, and that have been offered them back, and they refused."
> @
> http://marc.info/?l=openbsd-misc&m=108655793112947&w=2
>
> May i know what did you refuse and why did you refuse?

I guess a diff from the original Apache 1.3.29 to what OpenBSD uses
today would be instructive.

Re: OpenBSD & the Apache license problem. Why?

Posted by Lars Eilebrecht <la...@eilebrecht.net>.

Rich Bowen wrote:

> Having seen this referenced several times in the last few weeks (was  
> there a news story that resurrected this?) I've wondered about this  
> claim, too. Can someone who remembers this incident please speak up and 
> set the record straight about what actually happened? It seems  
> improbable to me that there's just one side of this story, and that  
> nobody remembers it from our perspective. What was refused, and why? Or 
> is that not actually how it happened?

Well, I wasted some time on the openbsd-misc list at that time ...
Apart from the OpenBSD team claiming that we rejected some of their
security patches the main issue was about them liking the Apache
license 2.0. They more or less literally said, we don't like the new
license because it has more stuff in it. I've given up talking to
them after that...

If they don't want to use anything with an Apache License 2.0, then
it's really the problem of the OpenBSD team, and nothing for us to
fix.

cheers...
-- 
Lars Eilebrecht
lars@eilebrecht.net

Re: OpenBSD & the Apache license problem. Why?

Posted by Rich Bowen <rb...@rcbowen.com>.

On Apr 28, 2010, at 8:51 AM, Eric Covener wrote:

>>
>> Oh, by the way, what was your answer for:
>> "There is a number of serious security problems in apache that we  
>> have
>> fixed, and that have been offered them back, and they refused."
>> @
>> http://marc.info/?l=openbsd-misc&m=108655793112947&w=2
>
> Why would there be an 'answer' to a) a statement and b) something that
> was posted on somebody elses mailing list?
>
>> May i know what did you refuse and why did you refuse?
>
> You'd have to refer to a specific bug report, patch, mailing list
> reference, or at least a specific issue for anyone to comment
> intelligently -- especially if this 6+ years ago.
>
> This is probably more on-topic at the users discussion list unless
> there's an actual question about the development of Apache HTTP
> Server.

Having seen this referenced several times in the last few weeks (was  
there a news story that resurrected this?) I've wondered about this  
claim, too. Can someone who remembers this incident please speak up  
and set the record straight about what actually happened? It seems  
improbable to me that there's just one side of this story, and that  
nobody remembers it from our perspective. What was refused, and why?  
Or is that not actually how it happened?

--
Rich Bowen
rbowen@rcbowen.com

Re: OpenBSD & the Apache license problem. Why?

Posted by Eric Covener <co...@gmail.com>.

On Wed, Apr 28, 2010 at 8:05 AM, Tasos Andras <kh...@gmail.com> wrote:
> I really wonder why you Apache guys did this:

Did what, released our software under a license of our choosing?

> A news from 2004:
> http://tech.slashdot.org/article.pl?sid=04/06/07/1621254
> It is 2010 now, and we're still on Apache 1.3.29. What was that license problem?

Ask someone who objects to the license?  Or do your homework before
before you start a thread questioning the license?

> Let OpenBSD dev guys edit/improve/modify it however they like, please.
> (Well, unless they won't change the 'Apache' httpd header)

Like everyone else, they can do whatever they please as long as they
abide by the license.

> Freedom? Free? If "free", then make it "free for everyone, every
> community, every people" please. Otherwise it is not "free" anymore.

I respect your personal opinion/desires about what software freedom
means, but seeing as how you don't know what the actual license
objection is, it's pretty odd that you've been able to come to a
conclusion.  You're always free to create your own webserver, and
license it under your own Platitudes License 2.0.

> Oh, by the way, what was your answer for:
> "There is a number of serious security problems in apache that we have
> fixed, and that have been offered them back, and they refused."
> @
> http://marc.info/?l=openbsd-misc&m=108655793112947&w=2

Why would there be an 'answer' to a) a statement and b) something that
was posted on somebody elses mailing list?

> May i know what did you refuse and why did you refuse?

You'd have to refer to a specific bug report, patch, mailing list
reference, or at least a specific issue for anyone to comment
intelligently -- especially if this 6+ years ago.

This is probably more on-topic at the users discussion list unless
there's an actual question about the development of Apache HTTP
Server.

-- 
Eric Covener
covener@gmail.com

Re: OpenBSD & the Apache license problem. Why?

Posted by Joe Orton <jo...@redhat.com>.

On Wed, Apr 28, 2010 at 03:05:07PM +0300, Tasos Andras wrote:
> Oh, by the way, what was your answer for:
> "There is a number of serious security problems in apache that we have
> fixed, and that have been offered them back, and they refused."
> @
> http://marc.info/?l=openbsd-misc&m=108655793112947&w=2

The answer is in that thread, from Lars:

http://marc.info/?l=openbsd-misc&m=108786434622823&w=2

"The Apache HTTP server security team is not aware of any pending 
patches/fixes for a security vulnerability (or other bug) in Apache 
proposed by the OpenBSD team."

...which is still true today.

Regards, Joe