[9fans] The new ridiculous license

4509 views
Skip to first unread message

Theo de Raadt

unread,
Jun 17, 2003, 12:04:37 PM6/17/03
to
http://plan9.bell-labs.com/hidden/newlicense.html

[and whichever other versions are proposed..]

The new license is utterly unacceptable for use in a BSD project.

Actually, I am astounded that the OSI would declare such a license
acceptable.

That is not a license which makes it free. It is a *contract* with
consequences; let me be clear -- it is a contract with consequences
that I am unwilling to accept.

Note that I sell OpenBSD CDs to fund our project. That contract right
there says in term 7:

If Theo accidentally sells a CD to
North Korea, the US can fuck him.

Thanks OSI. Thanks for being so damn patriotic.

It also says in term 4:

Sell this in a product in ways which "we" do not like, and the
contract you have accepted says you can be fucked by anyone
who owns this license later and who decides they want to fuck you.

Who is "we". You don't read term 4 that way? Lawyers I talk to read
it that way. If lawyers I talk to read it that way, why the heck
would I risk ever in the future ending up in a court room with lawyers
who might argue against me like my lawyers suggest might be possible?
I would be stupid to accept such a term. And come on it says "certain
responsibilities". Good god. Are you people dumb to accept such a
term in a legal document? It is like "your house mortgage can be
considered invalid in certain situations and then we own your house".

Or perhaps you guys are utterly blind to what is happening with IBM
and SCO right now.

The license you propose is NOT FREE SOFTWARE. I am astounded the OSI
has gone and decided to become an organization that just rubber stamps
things which are not free. I don't know who they are talking to, but
these "licenses" which they approve are chock full of constraints
against various segments of the user community.

Wisen up plan9 guys -- keep your software commercial or just make it
free. Say "Public domain" or say "Copyright us, do anything except
don't claim someone else wrote it", -- or keep it commercial. These
continual lies wrapped up in contract law are ... such a farce -- why
is it that none of you have the guts to just give it away like the
good people at Berkeley did years and years ago? Are you really that
gutless? Did Kirk and Keith and Kirk really understand something
about freedom which you guys don't? Are all of you really that
trapped that you can't escape the legal frameworks presented to you by
lawyers? Were those Berkeley guys on drugs when they decided to make
all that stuff "free except give us credit", and like wow man,
suddenly all sorts of stuff from sockets to half of libc ended up
being based on their cope. Or is it the plan9 people who hold major
delusions?

We've made OpenSSH so free that it is being included not just in
generic purpose operating systems, but also in routers, switches, and
reportedly soon even in POSTSCRIPT PRINTERS... from *major vendors*...
because we are FED UP with one-off crap security software being put
into these devices; because MY security depends on the security of
YOUR NETWORK DEVICE; hence we would rather supply a complete 'plug and
play' solution that any vendor can just merge into their product
BECAUSE THE LICENSE IS UTTERLY STARK AND CLEAR AND FREE. But
increasingly I am becoming convinces that anyone who has ever worked
for AT&T or Bell Labs does not UNDERSTAND what makes networks more
secure -- and it is, surprise, FREE DISCLOSURE OF THE SIMPLE STUFF.

Were we on Berkeley drugs when we decided to make OpenSSH that free?

Who on this list is using OpenSSH? Who wants to use something less
free instead?

Put another way... do you guys have some kick ass technology that you
want to change the world, or don't you? The latest rave vibe on the
internet appears to be that free software is changing the world a lot.
You don't want to be part of that? Besides being part of all *BSD and
Linux operating systems, OpenSSH is also part of most non-Linux
Unix-like operating systems, but you might have noticed that many of
those systems do not ship with other GNU software by default; like
pick Solaris. Solaris includes OpenSSH. Name some GNU software
included by default, ok? The point is, a SSH server MATTERS. That
there is a free one matters even more.

There's a reason. You write a license like you have written here, and
vendors get afraid. I urge you to write something much simpler.

I am willing to speak this way because after two years of discussion
with plan9 people, it has become clear to me that this compiler will
never be free enough for us to use. If that changes as a result of
this mail, good. If not, fine -- I have given up hope.

I urge everyone in power regarding this issue to think this through --
and then, make your simple compiler which we can build into a trusted
component FREE, or, if you don't, sometime in the next few years
something else which is simple and matches it in power, can and might
and probably will show up (because it is clear the gnu bloat compiler
will never achieve such a goal...)

After all, why would you spend so much effort building something so
kick-ass if in the end very few people use it.

- ---

Below is an example license to be used for new code in OpenBSD,
modeled after the ISC license.

It is important to specify the year of the copyright. Additional years
should be separated by a comma, e.g.
Copyright (c) 2003, 2004

If you add extra text to the body of the license, be careful not to
add further restrictions.

/*
* Copyright (c) CCYY YOUR NAME HERE <us...@your.dom.ain>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

Russ Cox

unread,
Jun 17, 2003, 12:39:32 PM6/17/03
to
> Note that I sell OpenBSD CDs to fund our project. That contract right
> there says in term 7:
>
> If Theo accidentally sells a CD to
> North Korea, the US can fuck him.

You might notice that OSI didn't approve clause 7.
(See http://plan9.bell-labs.com/hidden/osi-diff.html.)

7. EXPORT CONTROL

Recipient agrees that Recipient alone is responsible for compliance
with the United States export administration regulations (and the
export control laws and regulation of any other countries) and hereby
indemnifies the Contributors for any liability incurred as a result of
the Recipients actions which result in any violation of any such laws
and regulations.

If Theo lives in the U.S. and sells a CD to North Korea,
Theo has broken U.S. law regardless of whether section 7 exists.
If Theo lives outside the U.S. and sells a CD to North Korea,
Theo is fine regardless of whether section 7 exists.

> It also says in term 4:
>
> Sell this in a product in ways which "we" do not like, and the
> contract you have accepted says you can be fucked by anyone
> who owns this license later and who decides they want to fuck you.

Where does it say this? I see that if you put our software
in PostScript printers claiming that it's bulletproof and then
it turns out not to be, then it's your butt on the line not ours
since we never said it was bulletproof.

Russ

Theo de Raadt

unread,
Jun 17, 2003, 12:51:21 PM6/17/03
to
It's too difficult for me to explain in full details how much of this
license is not acceptable to us. But it clearly is not acceptable to
us.

We have an entire operating system (minus a touch of GPL and LGPL here
and there, one sendmail license, and a few smatterings of Artistic)
that has NO CONTRACTS -- every license is simply "copyright law term
dismissal + warranty disclaimer". That is free; these licenses make
no new requirements of anyone; they do not require or re-state
anything that is already the way it is. The BSD licenses we have
simply take rights granted by copyright law to the author, and they
serve to allow the author to give up all of those rights (except the
copyright law right to be known as the author). These licenses ask
for nothing in return; they do not even restate anything that another
law might make a problem -- because there is no need to state it!

We can't accept this license as it is. I note your meeting notes said
that a goal had been to allow OpenBSD to use parts from this (in
particular we were interested in the c compiler). I think someone did
not listen to us, or understand what a BSD-licensed operating system
has as a goal -- as this is, the plan9 components are now no more free
for us to use than they were weeks ago.

sure; you have a new license. That will be good for some people. Too
bad it does not go far enough for the needs of a BSD licensed system.
It's just incompatible. It would be the most onerous license in our
tree (well there is the GPL, but year by year we remove and replace
more and more GPL software in our tree... we had hoped to replace the
c compiler in the long term with a free one...)

C H Forsyth

unread,
Jun 17, 2003, 12:59:38 PM6/17/03
to
/*
* Copyright (c) CCYY YOUR NAME HERE <us...@your.dom.ain>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

if you say ``permission ... is granted, provided that [you do/behave thus and so]...'
is that not a form of contract?
(even if there isn't a Party of the First Part and a Party of the Second Part and a Sanity Clause.)
whether a contract is VALID expressed in a given way or with/without particular terms
is another large matter.

if my dom.ain is in a country within certain legal jurisdictions, can i actually DISCLAIM
all that. for instance in England we cannot avoid liability for negligence or `wilful default',
and nearly always must make that clear.

-------

it seems to me that the aim of clause 4 in the Lucent Hidden License is to ensure that:
given that the Contributors have made their contribution with as little warranty and
guarantees as they can possibly get away with, if someone subsequently decides to distribute
it and ALSO offer extra warranties or guarantees or other forms of support, and someone
takes them up on it but they end up feeling worse for it, the responsibility rests with
the supplier who made the later offer. thus the original Contributors are safe from being
held responsible for what someone else does with it (even if the original code was at fault)
IF that person makes extra claims, offers, guarantees, etc.
the rationale is that if you claim something the original contributor didn't claim it's
your responsibility to check the claim and make good.

David Presotto

unread,
Jun 17, 2003, 1:14:24 PM6/17/03
to
Thank you for the comments. I'll answer them as best I can though
I fear any answer will be insufficient since I really can't change
the license substantially.

> That is not a license which makes it free. It is a *contract* with
> consequences; let me be clear -- it is a contract with consequences
> that I am unwilling to accept.

That's clearly for you to decide. Though legally this is not a contract,
It does obligate the recipient which is probably what you mean.

> Note that I sell OpenBSD CDs to fund our project. That contract right
> there says in term 7:
>
> If Theo accidentally sells a CD to
> North Korea, the US can fuck him.

Nice paraphrase and it is indeed true. However, not because of what the
license says:

Recipient agrees that Recipient alone is responsible for compliance with
the United States export administration regulations (and the export control
laws and regulation of any other countries) and hereby indemnifies the
Contributors for any liability incurred as a result of the Recipients
actions which result in any violation of any such laws and regulations.

If Theo accidentally (or not) sells a CD to North Korea, then the US can 'fuck' him,
so to speak, with or without this clause (assuming he's living in the US or
in a country the US can lean on). The best he can claim as mitigation
is that he didn't know that there might be applicable export controls or
that he did it by accident. What the clause does do is point out that
he was told, that its his accident and the weight falls on him, not the
contributors. If he does something to bring the gov down on him, its
on him and not the whole community. That of course will not make Theo
feel very good.

As far as I know, the only thing that really is covered by the US regulations
is the crypto but that's beside the point. If you know better than I do (as
well you might, I haven't checked lately) i.e., if you think that the
export regulations no longer apply to such software please tell me.

Of couse then this clause shouldn't bother you because there are no
reguations whose infringement you need to indemnify contributors against.

By the way, this clause has NOT been accepted by OpenSource as the pointer
at the top of the license points out. The license they accepted
does not contain it.

>It also says in term 4:
>
> Sell this in a product in ways which "we" do not like, and the
> contract you have accepted says you can be fucked by anyone
> who owns this license later and who decides they want to fuck you.

If the lawyers you talk to read it as you described it, then I'ld like to
talk with them. Please have them contact me. We've gone over this with
both our lawyer and with the IBM laywer that drafted the CPL and this
reading astounds us all.

This clause comes pretty much intact from the IBM PL. It means that
should you commercially distribute (sell) this product, and as a result
of that someone sues because of 'your acts and ommissions', that you will
protect the contributors in that suit.

Of course, this may also not be acceptable to you, but that's a different
story.

As for the rest, I agree. My original wording for the license was:

take the software and do whatever you'ld like with it

Since we're a big company with seemingly big pockets (though mostly empty
these days) and we do get sued a lot as a result. Whether or not we're
in the right its still damed expensive. Therefore, we can't release
software without the cover your ass clauses.

Dan Cross

unread,
Jun 17, 2003, 1:12:34 PM6/17/03
to
> We can't accept this license as it is. I note your meeting notes said
> that a goal had been to allow OpenBSD to use parts from this (in
> particular we were interested in the c compiler). I think someone did
> not listen to us, or understand what a BSD-licensed operating system
> has as a goal -- as this is, the plan9 components are now no more free
> for us to use than they were weeks ago.

I don't think it has ever been a goal of anyone working on Plan 9 to
allow or disallow you or anyone else from using the Plan 9 code. If
you don't want to use it because you don't like the license, fine.
Otherwise, what's your point by sending this garbage to 9fans? If
you've got a problem with Bell Labs, take it up with them. Don't spam
the rest of us with your misunderstandings of the community's goals.

- Dan C.

David Presotto

unread,
Jun 17, 2003, 1:17:26 PM6/17/03
to
I just read your answer to deraadt and notice that its just
like mine.

Theo de Raadt

unread,
Jun 17, 2003, 1:33:31 PM6/17/03
to
> Since we're a big company with seemingly big pockets (though mostly empty
> these days) and we do get sued a lot as a result. Whether or not we're
> in the right its still damed expensive. Therefore, we can't release
> software without the cover your ass clauses.

Then why don't you guys just use a standard warranty disclaimer then?

* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Disclaimers of the above form occur on thousands and thousands of
files from some very large organizations... like CMU or MIT or UCB, on
very large software packages which many of you might have used in
whole or in part, like MACH, X11, or BSD. Disclaimers like this have
worked fine for an entire industry.

Why are Lucent and IBM so special, that instead of having a simple
warranty disclaimer, their licenses instead need to make threats and
assertions of possible reprocussions to distributers? (Sorry, that is
how I view these licenses, and I am not likely to change my viewpoint,
since much of this comes from a distrust of corporations).

By the way, since you mention IBM, postfix is in the same situation --
we can't distribute it on our CDs. If I were to put it on a CD, and
various possible events occur which are out of my control, the license
has put me on notice that I could be sued. I don't accept such a
thing. I consider it a threat to our project's continued existance as
a developer and provider of free software (not just OpenBSD, but
OpenSSH too).

I am sorry for the strong minded way in which I am approaching this,
but I am very dissapointed that after years of requesting that the
plan9 c compiler become free so that we can start extending it and
working with it... that we could be rebuffed in such a way because the
lawyers have not been properly reined in.

I know you wanted this to be really free. Yet, thus far this is a
failure.

http://www.vitanuova.com/company/products.html claims a desire to
address complexity. Why not in licenses too? I quote a sample
license again, of a form that has been used by many many organizations
for decades to make their software free. So free, that such things
are all over HP routers and switches and cisco pix firewalls, and who
knows where else.

---

Below is an example license to be used for new code in OpenBSD,
modeled after the ISC license.

It is important to specify the year of the copyright. Additional years
should be separated by a comma, e.g.
Copyright (c) 2003, 2004

If you add extra text to the body of the license, be careful not to
add further restrictions.

/*

Tom Glinos

unread,
Jun 17, 2003, 1:40:29 PM6/17/03
to

Theo has his points:

Let's deal with the Export Restrictions. Lucent and
by induction the licensee MUST keep the US Government
happy. In reality, it's not that onerous a clause.
Always remember the US Government at any time can
make up new laws to screw you (and history show it
has done this frequently). Look at the RIAA inspired mess.
So, don't worry, be happy.

The COMMERCIAL DISTIBUTION clause is just nutty.
I wouldn't bet my business on that clause.
Should anything blow up, (either intentionally or not)
you are screwed. Theo is correct here. But, there
is hope, Lucent reserves the right to change the license.
Perhaps a future license won't be so risky.

But, if you are just doing things for "free" then
I don't see a problem with this license.

Damian Gerow

unread,
Jun 17, 2003, 1:48:19 PM6/17/03
to
Thus spake Russ Cox (r...@plan9.bell-labs.com) [17/06/03 12:42]:

> You might notice that OSI didn't approve clause 7.
> (See http://plan9.bell-labs.com/hidden/osi-diff.html.)

So is there a final revision of the license that we can read, without having
to include external amendments that are 'hidden'?

Russ Cox

unread,
Jun 17, 2003, 1:47:28 PM6/17/03
to
> The COMMERCIAL DISTIBUTION clause is just nutty.
> I wouldn't bet my business on that clause.
> Should anything blow up, (either intentionally or not)
> you are screwed. Theo is correct here.

Can you explain this? None of us can see that.

Russ Cox

unread,
Jun 17, 2003, 1:58:18 PM6/17/03
to
The version that OSI approved is at
http://plan9.bell-labs.com/hidden/approved-template.html
but it's not what we're using. We're using the one
that I posted a link to before:
http://plan9.bell-labs.com/hidden/newlicense.html.

Russ

David Presotto

unread,
Jun 17, 2003, 2:03:31 PM6/17/03
to
The amendments aren't hidden. The license you looked at

http://plan9.bell-labs.com/hidden/newlicense.html

is the final one. The thing you didn't notice was the line at the
top that said that this was different than what OSI had approved
and a pointer to the differences.

Damian Gerow

unread,
Jun 17, 2003, 2:05:19 PM6/17/03
to
Thus spake Russ Cox (r...@plan9.bell-labs.com) [17/06/03 14:01]:

Any reason the OSI-approved license was dropped? Why move to a new license
after one was approved?

IMO, the entire license can be reduced to just Clause 5. I'm no legalese
expert, but it feels like everything else is just a specific instance of
Clause 5.

Everything in the license basically states over and over again that the
Contributor(s) are not responsible for the Receiver(s) performing action X.
If Clause 5 already says that, just not in so many words, why bother going
to the trouble of pointing everything out?

Even Clause 5 itself is repetitive -- the portion in CAPS seems to be fairly
clear to me, as to what the license is.

Donald Brownlee

unread,
Jun 17, 2003, 2:14:24 PM6/17/03
to
To avoid having to indemnify contributors, couldn't
a distributor offer a license which disclaims as
much as possible AND requires a distributee
to accept the Lucent license?

To distribute and have to indemnify the contributors could be risky.


Charles Forsyth

unread,
Jun 17, 2003, 2:19:34 PM6/17/03
to
there is another aspect which is: is it actually bad if it's (like) a contract? perhaps
contracts are good things. they set out the rights and obligations of the
contracting parties. more important: for the scope of a contract
they establish a kind of parity between small individuals and enormous
corporate bodies. i think that's an interesting and indeed admirable effect.
i don't have to trust, i can rely on the existence of that contract.
that's why `loopholes' and `fine print' are nasty.
we feel hard done by, and fortunately the courts often agree.
indeed the development of the enforceable contract is sometimes regarded
as being significant historically. even villains rely on it (eg, `take out a contract')
although they typically do not pursue their claims through the courts.

David Presotto

unread,
Jun 17, 2003, 2:19:41 PM6/17/03
to
Two changes were made to make it clearer/shorter. The export
disclaimer was added because lawyers don't like to leave
anything dangling.

All the clauses really do address different subjects.
5 and 6 lok real similar and could probably be combined
somehow.

boyd, rounin

unread,
Jun 17, 2003, 2:28:32 PM6/17/03
to
From: "Dan Cross" <cr...@math.psu.edu>

> If you don't want to use it because you don't like the license, fine.
> Otherwise, what's your point by sending this garbage to 9fans?

right

pres...@plan9.bell-labs.com

unread,
Jun 17, 2003, 2:47:26 PM6/17/03
to
On Tue Jun 17 14:15:16 EDT 2003, brow...@acm.org wrote:
> To avoid having to indemnify contributors, couldn't
> a distributor offer a license which disclaims as
> much as possible AND requires a distributee
> to accept the Lucent license?

The distributor indemnifies against the consequences of his actions.
The distributor is not indemnifying the contributors against the results
of their actions (unless of course he misrepresents their claims when
distributing).

>
> To distribute and have to indemnify the contributors could be risky.

If a contributor could be sued for something stupid that a distributor
did, wouldln't it be risky to contribute?

Andrey S. Kukhar

unread,
Jun 17, 2003, 3:52:41 PM6/17/03
to
Theo de Raadt: rms 2, the story is repeating :)

kyxap

> Date: Mon, 12 Jun 2000 20:42:45 -0600 (MDT)
> From: Richard Stallman <r...@gnu.org>
> To: pres...@plan9.bell-labs.com
> Subject: Plan Nine deep-sixed by non-free license
> Reply-to: r...@gnu.org
>
> I was excited to hear that Plan Nine might become free
> software, but it turns out that the license is too
> restrictive to qualify. We will have to urge people
> not to use the Plan Nine software under its
> present license.
>
> If at some point you are willing to consider rerelease
> under a free software license, please contact me.
> For more information, see
> http://www.gnu.org/philosophy/free-sw.html and
> http://www.gnu.org/philosophy/license-list.html.

northern snowfall

unread,
Jun 17, 2003, 3:54:26 PM6/17/03
to
>
>
>We've made OpenSSH so free that it is being included not just in
>generic purpose operating systems, but also in routers, switches, and
>reportedly soon even in POSTSCRIPT PRINTERS... from *major vendors*...
>because we are FED UP with one-off crap security software being put
>into these devices; because MY security depends on the security of
>YOUR NETWORK DEVICE; hence we would rather supply a complete 'plug and
>play' solution that any vendor can just merge into their product
>BECAUSE THE LICENSE IS UTTERLY STARK AND CLEAR AND FREE. But
>increasingly I am becoming convinces that anyone who has ever worked
>for AT&T or Bell Labs does not UNDERSTAND what makes networks more
>secure -- and it is, surprise, FREE DISCLOSURE OF THE SIMPLE STUFF.
>
>Were we on Berkeley drugs when we decided to make OpenSSH that free?
>
You *must* be on "Berkeley drugs" if you think that above paragraph is
in any way valid. Or maybe you're waiting to get backdoored again to
decide you really need to "rethink" the definition of "secure". Or maybe
you're just going to tell everyone that it was somehow related to your
politics (and not your technique at all). Hm.. just like DARPA...

When *YOU* make secure products that aren't easily evaded with five
or six extra bytes of machine code and *YOU* come up with theory that
doesn't just obfuscate attack design then *YOU* can actually get cocky.
Wobble wobble GOBBLES gotcha dox. And on the flip side, Berkeley
loves its AC1DB1TCH3Z. Maybe you should, too.

Don

http://www.7f.no-ip.com/~north_

Theo de Raadt

unread,
Jun 17, 2003, 4:12:28 PM6/17/03
to
http://plan9.bell-labs.com/hidden/newlicense.html

[and whichever other versions are proposed..]

The new license is utterly unacceptable for use in a BSD project.

Actually, I am astounded that the OSI would declare such a license
acceptable.

That is not a license which makes it free. It is a *contract* with


consequences; let me be clear -- it is a contract with consequences
that I am unwilling to accept.

Note that I sell OpenBSD CDs to fund our project. That contract right


there says in term 7:

If Theo accidentally sells a CD to
North Korea, the US can fuck him.

Thanks OSI. Thanks for being so damn patriotic.

It also says in term 4:

Sell this in a product in ways which "we" do not like, and the
contract you have accepted says you can be fucked by anyone
who owns this license later and who decides they want to fuck you.

Who is "we". You don't read term 4 that way? Lawyers I talk to read

We've made OpenSSH so free that it is being included not just in


generic purpose operating systems, but also in routers, switches, and
reportedly soon even in POSTSCRIPT PRINTERS... from *major vendors*...
because we are FED UP with one-off crap security software being put
into these devices; because MY security depends on the security of
YOUR NETWORK DEVICE; hence we would rather supply a complete 'plug and
play' solution that any vendor can just merge into their product
BECAUSE THE LICENSE IS UTTERLY STARK AND CLEAR AND FREE. But
increasingly I am becoming convinces that anyone who has ever worked
for AT&T or Bell Labs does not UNDERSTAND what makes networks more
secure -- and it is, surprise, FREE DISCLOSURE OF THE SIMPLE STUFF.

Were we on Berkeley drugs when we decided to make OpenSSH that free?

Who on this list is using OpenSSH? Who wants to use something less
free instead?

---

Tom Glinos

unread,
Jun 17, 2003, 4:28:56 PM6/17/03
to

>Can you explain this? None of us can see that.

I could go on and on why I don't like that clause.

Let's take a look at the first sentence. It includes the word "may".
(That word pops up later on as well as well as "would" and "might")
You NEVER use the word "may" when writing a contract.
Such weasel words get you into trouble every time.

Let's take a look at the intent of that clause. As I see it the idea
to layout idemnity relationships between Lucent, the "Distributor",
the "Contributor", and the "End User". Idemnity is a good thing. But this
clause gets it wrong. The language isn't crystal clear.

It then goes on to dictate how parties should act in a legal action.
What if the end user/contributor/Lucent is a prick?
Why would I want to tie my hands and close my options in a legal fight?
Why won't Lucent share in my risk if I change the way I do business? Why won't
you idemnify me? In fact in a fight I'd probably drag Lucent in and sue them.

I have a better idea.
If you wanted to say "nobody and sue anybody because of use of this stuff" then
say it.

As others have pointed out it conflicts with the "NO WARRANTY" and "DISCLAIMER OF LIABILITY".
If you REALLY mean those clauses, then you don't need the idemnity clause.

The license would be cleaner and stronger if you were to remove that clause.

Just my opinion.

northern snowfall

unread,
Jun 17, 2003, 4:34:35 PM6/17/03
to
> When *YOU* make secure products that aren't easily evaded with five
> or six extra bytes of machine code and *YOU* come up with theory that
> doesn't just obfuscate attack design then *YOU* can actually get cocky.
> Wobble wobble GOBBLES gotcha dox. And on the flip side, Berkeley
> loves its AC1DB1TCH3Z. Maybe you should, too.

Err, sorry for the OT-RANT. I get very bitchy between the time I've
just woken up and the time I have my first cranberry juice of the day.
However, the facts behind OpenBSD security still stand, and thus, do
my opinions.

UNIX security was one of the reasons I went out on my own and got
involved in OS research (thanks tunes.org). Thankfully, Plan 9 was
there. Enough said.

Don

http://www.7f.no-ip.com/~north_

boyd, rounin

unread,
Jun 17, 2003, 4:52:31 PM6/17/03
to
> The new license is utterly unacceptable for use in a BSD project.

the real problem is that BSD is utterly unacceptable.

David Presotto

unread,
Jun 17, 2003, 5:02:30 PM6/17/03
to
Nothing like a new license to wash out the free radicals.

Without the people dedicated to an open source cause, we
wouldn't have as liberal a license as we do. The global
consciousness/sensitivity caused by the free and open movements
was what softened the company enough to accept this license.
We may not like to admit it, but we have rms and his followers
to thank for this license.

Having to take their denunciations is just the other side of
the same coin. Should we ever come up with a license that
pleases both them and the company, it would be a sign that
their stance isn't extreme enough.

Jack Johnson

unread,
Jun 17, 2003, 5:27:24 PM6/17/03
to
On Tue, 17 Jun 2003, David Presotto wrote:
> Having to take their denunciations is just the other side of
> the same coin. Should we ever come up with a license that
> pleases both them and the company, it would be a sign that
> their stance isn't extreme enough.

Well said.

-J

Dan Cross

unread,
Jun 17, 2003, 5:29:26 PM6/17/03
to
> Having to take their denunciations is just the other side of
> the same coin. Should we ever come up with a license that
> pleases both them and the company, it would be a sign that
> their stance isn't extreme enough.

Or that hell had frozen over. Just stick a gratuitous `g' in front of
the name and see what RMS does.

- Dan C.

Donald Brownlee

unread,
Jun 17, 2003, 5:57:23 PM6/17/03
to

Yes.

A distributor might also be a contributor and have the distributee
accept the Lucent license. It seems that that would push all the
risk, if any, onto the end-user.

ozan s yigit

unread,
Jun 18, 2003, 4:58:02 AM6/18/03
to
Dan Cross:

> Otherwise, what's your point by sending this garbage to 9fans? If
> you've got a problem with Bell Labs, take it up with them. Don't spam
> the rest of us with your misunderstandings of the community's goals.

theo's message is on this list because people who can be instrumental
in crafting a new license happen to read this list. would you rather
hold the discussion on slashdot? :-]

oz
---
there is a fault in reality. do not adjust your minds. -- salman rushdie
Followup-To:
Distribution:
Organization: University of Bath Computing Services, UK
Keywords:
Cc:


--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H....@bath.ac.uk

Markus Friedl

unread,
Jun 18, 2003, 5:33:29 AM6/18/03
to
Dan Cross:

> Otherwise, what's your point by sending this garbage to 9fans? If
> you've got a problem with Bell Labs, take it up with them. Don't spam
> the rest of us with your misunderstandings of the community's goals.

The whole point of the mail is:

(1) It would be very nice to have the plan9 toolchain replace gcc
in the Unix world.

(2) Step (1) will probably only happen if the License is much
more liberal than the gcc license, e.g. an ISC or BSD style license.

Nobody is forcing you to do (2), especially if you don't care about (1).

So (1) might not be the "community"'s goal, but could do a favour to
rest of the world outside of the "community".

matt

unread,
Jun 18, 2003, 6:12:34 AM6/18/03
to
Theo de Raadt wrote:

>Were we on Berkeley drugs when we decided to make OpenSSH that free?
>
>

If you've got any left could you save me some, tnx!


oz wrote:

> would you rather hold the discussion on slashdot? :-]


Plan9 is now Officially Open Source

http://slashdot.org/article.pl?sid=03/06/17/1423211

Dan Cross

unread,
Jun 18, 2003, 10:46:39 AM6/18/03
to
> > Otherwise, what's your point by sending this garbage to 9fans? If
> > you've got a problem with Bell Labs, take it up with them. Don't spam
> > the rest of us with your misunderstandings of the community's goals.
>
> The whole point of the mail is:
>
> (1) It would be very nice to have the plan9 toolchain replace gcc
> in the Unix world.
>
> (2) Step (1) will probably only happen if the License is much
> more liberal than the gcc license, e.g. an ISC or BSD style license.
>
> Nobody is forcing you to do (2), especially if you don't care about (1).

At the end of the day, the only people who *really* can change the
license are the people at Lucent's legal department. Perhaps they can
get pushed and proded in the appropriate direction by folks in 1127,
but ultimately it's the lawyers who decide. It would be far more
profitable to take it up with them, perhaps first approaching someone
like Dave Presotto with a rationally communicated set of issues and
suggested solutions. Sending rants filled with insults to a group of
people who mostly don't care at this level of specificity, and who
can't do anything about it anyway, is just a waste of everyone's time.

> So (1) might not be the "community"'s goal, but could do a favour to
> rest of the world outside of the "community".

If the BSD Unix crowd put as much effort into writing their own
compilers as they put into the sort of posturing we saw yesterday,
they'd have had their own compilers years ago. Why is it strictly
necessary to use the Plan 9 compilers? Why not just write your own?
It shouldn't take more than a couple months of work, really.

Besides, there *are* BSD licensed compilers out there already.

- Dan C.

Dan Cross

unread,
Jun 18, 2003, 10:53:32 AM6/18/03
to
> theo's message is on this list because people who can be instrumental
> in crafting a new license happen to read this list.

Then I propose the creation of another list for license issues.
Perhaps, ``plan9-license-flames'' would be a good name.

> would you rather hold the discussion on slashdot? :-]

Well, yes, since I don't read slashdot, and therefore wouldn't be
distracted by it. :-)

I'd just rather not be a party to the discussion at all. The current
license is sufficiently liberal for my tastes, the OSI-approved license
seems fine for most other people, and it's a subject that's been beaten
to death, time and again. Theo just seems upset because he believes he
can't use the compilers in his ersatz version of BSD Unix. Frankly, I
don't care.

- Dan C.

andrey mirtchovski

unread,
Jun 18, 2003, 10:55:20 AM6/18/03
to
On Wed, 18 Jun 2003, Dan Cross wrote:

> If the BSD Unix crowd put as much effort into writing their own
> compilers as they put into the sort of posturing we saw yesterday,
> they'd have had their own compilers years ago. Why is it strictly
> necessary to use the Plan 9 compilers? Why not just write your own?
> It shouldn't take more than a couple months of work, really.
>

They want to use the Plan 9 compilers because they're better, of course :)

That settled, I would definitely like to see a more widespread adoption of
the Plan 9 compilers -- if nothing else, simply because it'll make me feel
like this operating system is going somewhere and not hitting a dead end
(not that I'm implying this).

Wouldn't you like to see those pesky 20% lack of speed (in the binary, not
in compilation) disappear? Presumably that's what the BSD people mean by
'improvement'.

andrey

northern snowfall

unread,
Jun 18, 2003, 11:35:24 AM6/18/03
to
>
>
>Wouldn't you like to see those pesky 20% lack of speed (in the binary, not
>in compilation) disappear? Presumably that's what the BSD people mean by
>'improvement'.
>
If you ask me, it isn't so much about speed that interests
the OpenBSD team. The tiny, yet smart, codebase of the Plan
9 compiler project allows the OpenBSD team to go in and hack
it to hell much faster than something like GCC. Especially
with their wishes of canary values and hacks that attempt
to randomize memory values, helping to obfuscate buffer-
overflow attacks. GCC has too large a codebase for them to
go through and alter what they want without reading how
their alterations effect the rest of the design.

It seems clear that they're attacking the problem at the
wrong end of the spectrum. Not to sound crude, but, if they
had the skill to do this in the first place, wouldn't they
have designed their own compilers by now? This kind of
'extended-openwall-grsecurity-etc' concept has been thrown
around by the OpenBSD team for at least a year, that I
know of.

Don

http://www.7f.no-ip.org/~north_


>

Markus Friedl

unread,
Jun 18, 2003, 11:40:30 AM6/18/03
to
On Wed, Jun 18, 2003 at 11:21:25AM -0500, northern snowfall wrote:
> If you ask me, it isn't so much about speed that interests
> the OpenBSD team. The tiny, yet smart, codebase of the Plan
> 9 compiler project allows the OpenBSD team to go in and hack
> it to hell much faster than something like GCC. Especially
> with their wishes of canary values and hacks that attempt
> to randomize memory values, helping to obfuscate buffer-
> overflow attacks. GCC has too large a codebase for them to
> go through and alter what they want without reading how
> their alterations effect the rest of the design.

sorry, wrong guess.

northern snowfall

unread,
Jun 18, 2003, 11:47:31 AM6/18/03
to
>
>
>sorry, wrong guess.
>
Sure sure ;) Then why don't you tell us what
your plans are?

Don

http://www.7f.no-ip.com/~north_


>


Dan Cross

unread,
Jun 18, 2003, 12:23:20 PM6/18/03
to
> > If the BSD Unix crowd put as much effort into writing their own
> > compilers as they put into the sort of posturing we saw yesterday,
> > they'd have had their own compilers years ago. Why is it strictly
> > necessary to use the Plan 9 compilers? Why not just write your own?
> > It shouldn't take more than a couple months of work, really.
>
> They want to use the Plan 9 compilers because they're better, of course :)

Heh. :-)

> That settled, I would definitely like to see a more widespread adoption of
> the Plan 9 compilers -- if nothing else, simply because it'll make me feel
> like this operating system is going somewhere and not hitting a dead end
> (not that I'm implying this).

I can understand that, but I'd rather see a more widespread adoption
of the spirit of Plan 9 than any part of its code. That is, more function
with less software.

> Wouldn't you like to see those pesky 20% lack of speed (in the binary, not
> in compilation) disappear? Presumably that's what the BSD people mean by
> 'improvement'.

It depends. Not if it means a 100% slowdown in the speed of the
compiler, or an order of magnitude increase in the code size. The BSD
people don't have a good track record in this area; I found it ironic
that Theo called GNU software bloatware.

- Dan C.

Charles Forsyth

unread,
Jun 18, 2003, 1:13:22 PM6/18/03
to
>>Wouldn't you like to see those pesky 20% lack of speed (in the binary, not

i don't find anything like 20% difference on anything real i'm doing.

Charles Forsyth

unread,
Jun 18, 2003, 1:16:22 PM6/18/03
to
> with their wishes of canary values and hacks that attempt
> to randomize memory values, helping to obfuscate buffer-
> overflow attacks.

i think Pascal, Ada and others had a more straightforward approach to that one ...
perhaps what they really want is not a C compiler at all...

boyd, rounin

unread,
Jun 18, 2003, 2:46:33 PM6/18/03
to
> (1) It would be very nice to have the plan9 toolchain replace gcc
> in the Unix world.

but i thought gcc was the solution to the world's problems ...

just look at all it's _beautiful_ options ...

ron minnich

unread,
Jun 18, 2003, 4:26:22 PM6/18/03
to
On Wed, 18 Jun 2003, boyd, rounin wrote:
> but i thought gcc was the solution to the world's problems ...
>
> just look at all it's _beautiful_ options ...


I think it needs more.

ron

rob pike, esq.

unread,
Jun 18, 2003, 5:02:27 PM6/18/03
to
> I think it needs more.

.... on their way, i guarantee.

-rob

Jack Johnson

unread,
Jun 18, 2003, 5:05:30 PM6/18/03
to

It's GNU. It needs 'less'.

-Jack

boyd, rounin

unread,
Jun 18, 2003, 5:11:32 PM6/18/03
to
> It's GNU. It needs 'less'.

Gnu's Not Useful

Markus Friedl

unread,
Jun 20, 2003, 3:52:29 AM6/20/03
to
On Wed, Jun 18, 2003 at 10:45:30AM -0400, Dan Cross wrote:
> Why is it strictly
> necessary to use the Plan 9 compilers?

I'm using plan9 since 1995 and its toolchain is very good compared
to other things that are out there, so it would be a nice thing to
have plan9 toolchain available for other plattforms as well. You
don't care, but other people might.

Ralph Corderoy

unread,
Jun 20, 2003, 8:31:47 AM6/20/03
to
Hi Dan,

> Or that hell had frozen over. Just stick a gratuitous `g' in front of
> the name and see what RMS does.

Maybe that's why he refers to it as `Plan Nine'; perhaps he's hoping
for `Plan Gnine'.

Cheers,

--
Ralph Corderoy. http://inputplus.co.uk/ralph/ http://troff.org/

matt

unread,
Jun 20, 2003, 8:58:35 AM6/20/03
to
Ralph Corderoy wrote:

>Hi Dan,
>
>
>
>>Or that hell had frozen over. Just stick a gratuitous `g' in front of
>>the name and see what RMS does.
>>
>>
>
>Maybe that's why he refers to it as `Plan Nine'; perhaps he's hoping
>for `Plan Gnine'.
>
>

so long as it's not "plan k9" we'll be okay

(
KDE does some interesting things wrt files using proto://filename such
as samba://windows_box/folder

naturally only seems to work in Konqueror & klib friends though. I'm not
sure if anyone has added shell script support (and dont care 8)

I remember reading years ago that NT was going to have synthetic file
support. So you could have an executable called dave.bmp and when the
data was requested it executed the program and returned the data. How
excited I was to install NT, read MSDN and discover only "shortcuts".
Maybe it's in there somewhere, if it is I would warrant that the
symantics change with every service pack.


Douglas A. Gwyn

unread,
Jun 23, 2003, 4:56:31 AM6/23/03
to
Ralph Corderoy wrote:
> Maybe that's why he refers to it as `Plan Nine'; perhaps he's hoping
> for `Plan Gnine'.

That's Gnot funny!

Anthony Mandic

unread,
Jun 23, 2003, 5:02:43 AM6/23/03
to
Ralph Corderoy wrote:

> > Or that hell had frozen over. Just stick a gratuitous `g' in front of
> > the name and see what RMS does.
>
> Maybe that's why he refers to it as `Plan Nine'; perhaps he's hoping
> for `Plan Gnine'.

I would have read it as gPlan 9.

-am © 2003

Jack Johnson

unread,
Jun 23, 2003, 10:46:27 AM6/23/03
to
Anthony Mandic wrote:
> I would have read it as gPlan 9.

Actually, if you really want to be in the spirit, you have to give it a
name that's completely impossible to find using a search engine, like "3".

Wesley Parish

unread,
Jul 3, 2003, 5:41:59 AM7/3/03
to
Theo de Raadt wrote:

> It's too difficult for me to explain in full details how much of this
> license is not acceptable to us. But it clearly is not acceptable to
> us.
>
> We have an entire operating system (minus a touch of GPL and LGPL here
> and there, one sendmail license, and a few smatterings of Artistic)
> that has NO CONTRACTS -- every license is simply "copyright law term
> dismissal + warranty disclaimer". That is free; these licenses make
> no new requirements of anyone; they do not require or re-state
> anything that is already the way it is. The BSD licenses we have
> simply take rights granted by copyright law to the author, and they
> serve to allow the author to give up all of those rights (except the
> copyright law right to be known as the author). These licenses ask
> for nothing in return; they do not even restate anything that another
> law might make a problem -- because there is no need to state it!
>
> We can't accept this license as it is. I note your meeting notes said
> that a goal had been to allow OpenBSD to use parts from this (in
> particular we were interested in the c compiler). I think someone did
> not listen to us, or understand what a BSD-licensed operating system
> has as a goal -- as this is, the plan9 components are now no more free
> for us to use than they were weeks ago.
>
> sure; you have a new license. That will be good for some people. Too
> bad it does not go far enough for the needs of a BSD licensed system.
> It's just incompatible. It would be the most onerous license in our
> tree (well there is the GPL, but year by year we remove and replace
> more and more GPL software in our tree... we had hoped to replace the
> c compiler in the long term with a free one...)

If gcc a.k.a. the c compiler's a problem, why not take this one and run with
it:
http://www.tendra.org/

"In case you are already wondering, TenDRA is a BSD-licensed C compiler,
with C++ STL support forthcoming. The original Crown copyright from DERA is
still present and the further expansion of TenDRA is BSDL'd."

It's reportedly a very high quality one.

Wesley Parish

--
First the wife, tone of awe. So much a condition. Kent in the labs, fast
forward. "So how was the worthlessful businessman?" But they hadn't
stopped meat for year ago, that arose hotel facade slowly moved apper.
- Don't let emacs meta-x dissociatedpress write your speeches!

D. Brownlee

unread,
Jul 3, 2003, 1:29:26 PM7/3/03
to
Wesley Parish wrote:

> If gcc a.k.a. the c compiler's a problem, why not take this one and run with
> it:
> http://www.tendra.org/
>
> "In case you are already wondering, TenDRA is a BSD-licensed C compiler,
> with C++ STL support forthcoming. The original Crown copyright from DERA is
> still present and the further expansion of TenDRA is BSDL'd."
>
> It's reportedly a very high quality one.
>
> Wesley Parish
>

Also, ACK is available with a BSD-style license.
Don't know -- haven't followed compilers lately -- but
it's generated code used to be respectable. It is also
fairly easy to get a compiler up for a new archictecture.
It was recently at:

http://www.cs.vu.nl/vakgroepen/cs/ack.html

but just noticed that that link is now 404.

D. Brownlee

unread,
Jul 3, 2003, 1:51:33 PM7/3/03
to
D. Brownlee wrote:

> Also, ACK is available with a BSD-style license.
> Don't know -- haven't followed compilers lately -- but
> it's generated code used to be respectable. It is also
> fairly easy to get a compiler up for a new archictecture.
> It was recently at:
>
> http://www.cs.vu.nl/vakgroepen/cs/ack.html
>
> but just noticed that that link is now 404.
>
>

These work:

ftp://ftp.cs.vu.nl/pub/ceriel/ack/Ack-5.5.tar.gz
ftp://ftp.cs.vu.nl/pub/ceriel/ack/doc.tar.gz

Wesley Parish

unread,
Jul 7, 2003, 7:45:53 AM7/7/03
to
D. Brownlee wrote:

Thanks!

Now I've just got to try it out on my several OSes - not excluding either
Plan9 _or_ OpenBSD - TenDRA compiles on Linux, I do know that, I just
haven't tried compiling the kernel with it, but it'll happen ... ;)

D. Brownlee

unread,
Jul 7, 2003, 10:08:37 AM7/7/03
to
Wesley Parish wrote:

> Now I've just got to try it out on my several OSes - not excluding either
> Plan9 _or_ OpenBSD - TenDRA compiles on Linux, I do know that, I just
> haven't tried compiling the kernel with it, but it'll happen ... ;)
>
> Wesley Parish

The Linux kernel may be a problem.
There is alot of "inline" code in '.h' files,
assembly code at that. Those guys learned 'C'
with GCC.

Reply all
Reply to author
Forward
0 new messages