But last night, ZDN got back to me telling me they liked it. I explained
it needed reworking and they gave me a couple days (like, Tuesday
afternoon) to fix it. So here is the revised version, please send me
anything you think needs changing.
Thanks, Jamie
Kerberos and the GPL
James Howard
On Tuesday, June 6, Evan Leibovitch wrote \protect\url{http://www.zdnet.com/zdnn/stories/comment/0,5859,2582875,00.html}
about Microsoft's wrangling of the Kerberos protocol. Microsoft had
taken the open source MIT software, made changes affecting compatibility,
and released the new version without the source code. The Kerberos
code is licensed under a license similar to both the BSD operating
system and the X11 Windowing system.
Leibovitch blames the license for allowing Microsoft to introduce proprietary
extensions into the protocol and claims that if Kerberos had been
licensed under the Free Software Foundation's General Public License
(GPL) Microsoft would have been unable to embrace and extend the Kerberos
standard. However, Leibovitch does not get it. This was the best possible
outcome and it was forced by the liberal license.
There are four possible paths this project could have taken:
* First, Microsoft could have ignored Kerberos completely and left
the broader community with an entirely new standard with zero support
from other software in the community.
* Second, the Kerberos code could have been released under the GPL.
If this had happened, the Microsoft would have surely refused to
use the code to prevent having to reveal proprietary source. Microsoft
would have then reimplemented the code and still modified the protocol.
Had Microsoft been forced to reimplement the code, it would surely
contain an unknown number of bugs and compatibility issues.
* Third, the Kerberos code could have been released under a Berkeley-style
license. Microsoft could have then taken the code and distributed
a modified version and maintained some level of compatibility with
existing implementations and installations of Kerberos.
* Finally, the Kerberos code could have been released under a Berkeley-style
license and Microsoft could have reimplemented it. This is, in fact,
what happened.
Why did Microsoft choose not to use existing code? I cannot say. The
license would have allowed them completely use the existing code without
legal ramifications.
However, despite legal availability of code, it was not used and this
allows Microsoft to open the flood gates. Since they wrote their own
code, they are not, nor ever were, bound to the M.I.T. license. This
means that even if the code had been released under the GPL, Microsoft
could have released a new version with proprietary extensions without
violating the M.I.T. license or running afoul of the law.
So we are now left with Leibovitch's articlewhich is clearly designed
only to attack BSD systems. Leibovitch states that Microsoft's treatment
of Kerberos is an ``example of real harm to the frees software community
that occurred because a BSD license was used.'' But as we have already
seen, the GPL could have not have prevented it.
In fact, the BSD license is responsible for more good in the industry
than the GPL could ever hope for. For instance, TCP/IP's widespread
acceptance stems directly from the fact the first versions were released
under such liberal terms. Apache's enormous popularity, beating all
other web servers combined, is due directly to the liberal license
which is based on a BSD license. The X Windows System's widespread
availability and interoperability is also based on it's liberal licensing
and the fact any vendor who wished to include the tool could with
not hassel.
The BSD license is clearly superior and offers more options for compatibility
and interoperability because it poses no risk to business and offers
independent developers incentive for using the code as well.
To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-advocacy" in the body of the message
On Mon, 19 Jun 2000, James Howard wrote:
> So here is the revised version, please send me anything you think
> needs changing.
> * Second, the Kerberos code could have been released under the GPL.
> If this had happened, the Microsoft would have surely refused to
then
> Why did Microsoft choose not to use existing code? I cannot say. The
> license would have allowed them completely use the existing code without
license allows them to use the existing code as is without
> However, despite legal availability of code, it was not used and this
the code,
> So we are now left with Leibovitch's articlewhich is clearly designed
article which
> of Kerberos is an ``example of real harm to the frees software
free software
> which is based on a BSD license. The X Windows System's widespread
> availability and interoperability is also based on it's liberal
its
Brett
*****************************************************
Dr. Brett Taylor br...@peloton.runet.edu *
Dept of Chem and Physics *
Curie 39A (540) 831-6147 *
Dept. of Mathematics and Statistics *
Walker 234 (540) 831-5410 *
*****************************************************
All fixed, thanks :)
Jamie
> Good article. I don't want to sound like I'm nit-picking, but I
> spotted a few typos and since this is going for publication I figure
> it's important:
Why do you think I send them here? You guys are good at catching silly
mistakes. I may started sending my English assignments here...come to
think of it, I have...
"without hassle"?
Other things (eg "it's" above) seem to have been pointed out already.
R.
James Howard wrote:
>
> I sent an earlier version of this to the list a couple weeks
> ago. A lot of people liked and someone (I forget who, I am
> sorry) suggested I offer it to ZDNet who ran the original. I offered it
Me. :-) I have OSOpinion in very low regard.
> Leibovitch blames the license for allowing Microsoft to introduce proprietary
> extensions into the protocol and claims that if Kerberos had been
> licensed under the Free Software Foundation's General Public License
> (GPL) Microsoft would have been unable to embrace and extend the Kerberos
> standard. However, Leibovitch does not get it. This was the best possible
> outcome and it was forced by the liberal license.
It wasn't the best outcome. It *would have been* the best outcome if MS
had done that. And, obviously, the license didn't "force" anything.
That's the whole point of the BSD license, anyway. :-) GPL forces
things, BSDL doesn't.
> There are four possible paths this project could have taken:
>
> * First, Microsoft could have ignored Kerberos completely and left
> the broader community with an entirely new standard with zero support
> from other software in the community.
>
> * Second, the Kerberos code could have been released under the GPL.
> If this had happened, the Microsoft would have surely refused to
> use the code to prevent having to reveal proprietary source. Microsoft
> would have then reimplemented the code and still modified the protocol.
> Had Microsoft been forced to reimplement the code, it would surely
> contain an unknown number of bugs and compatibility issues.
These lines ought to have been removed from here, since Microsoft did
reimplement the code, by Terry's account.
> * Third, the Kerberos code could have been released under a Berkeley-style
> license. Microsoft could have then taken the code and distributed
> a modified version and maintained some level of compatibility with
> existing implementations and installations of Kerberos.
Instead, you could have added here that this would result in an
implementation which is widely used and open for all to see, thus being
relatively bug-free, and avoid the 65.000 problems that seems to come
with new versions of software, and ensure that the protocol is correctly
implemented, avoiding subtle protocol interaction problems (protocol
design/implementation is a very treacherous (sp?) subject).
> * Finally, the Kerberos code could have been released under a Berkeley-style
> license and Microsoft could have reimplemented it. This is, in fact,
> what happened.
This is silly. You could have added dozens of cases of "Kerberos could
have been released under a XYZZY-style license and Microsoft could have
reimplemented it". You should have reworked the GPL paragraph to just
point out that Microsoft would be unwilling to use that code, and add a
final paragraph saying Microsoft decided to reimplement the code, with
all the problems that result from that.
And this whole section should have been rewritten to show that MS did
not do what Leibovich said they did, and if they HAD done it, we would
have been better off. And, above all, that GPL vs BSD has nothing to do
with it.
> The BSD license is clearly superior and offers more options for compatibility
> and interoperability because it poses no risk to business and offers
> independent developers incentive for using the code as well.
The statement that BSD license is clearly superior is always dangerous.
It isn't clearly superior to the goals of FSF. You could have said BSD
license is superior for reference implementations, as it increases the
chance of the reference implementation being actually used (and, as a
consequence, the chance of the protocol itself actually being adopted).
I'm sorry I couldn't get to you in time, I just post the above as a
feedback, so you can improve future articles.
Still, I think the rebuttal was very good, and the lack of attacks on
the rebuttal itself is a clear proof of that.
BTW, the guy defending Microsoft's implementation of Kerberos was
hillarious. :-)
--
Daniel C. Sobral (8-DCS)
d...@newsguy.com
d...@freebsd.org
ca...@the.great.underground.bsdconpiracy.org
Windows works, for sufficently small values of "works".