On Mon, 2004-11-08 at 20:50, Damien Miller wrote:

[snip]

> I'm not suggesting that Redhat has made clandestine changes, any such
> changes aren't really clandestine when they can be revealed with "diff".
> I am saying that we don't have the time (or the desire) to go and check
> what changes RedHat make to their tarball for each release.

Well, it took me less time to determine what the change was, guided by the very name of the tarball, than it did to read your message. So you didn't have the time (that turned out to be minimal) to look at the simple change, but *did* have the time to post your missive which presumably took longer to write than it did to read (almost always the case).

So you had time to lob charges at Red Hat, but no time to investigate those very charges. I see. As they say on /., RTFA, or in this case RTFS (source).

> Patches are
> easy: they are instantly readable and most of them don't change from
> release to release anyway.

And this wasn't far from that. You could have taken an only very slightly more detailed look to discover what had been done. (BTW, if you don't know *why* it was done, you are ignoring legal precedent here in the USA, Red Hat's home country.) You would have been able to determine pretty quickly if it was going to involve more time and made a decision at that point.

Let me put it this way. If you are going to post such a controversial missive (and please don't say you didn't know it would be controversial ... if that's true, it was rather naive), you had a *responsibility* to investigate further. To do otherwise is to admit Darl McBride's legal strategy has merit.

> Given the choice of improving OpenSSH vs. chasing up hidden vendor
> changes motivated by a misguided legal department before I can determine
> whether a bug report is valid, I know which will always win.

I love it when people outside of a company imply that their legal advice is better than the company's own internal legal team by calling their legal team 'misguided'.

I thoroughly respect developers' contributions, and the time demands on them. But that's no excuse for posting a relatively long message to public mailing lists before sending a brief "what's up with this" email off to the maintainer of Red Hat's openssh package.

> Some people have taken offence to my cross-posting, I don't understand
> why; my original message is of relevance to openssh users, Fedora users
> and Fedora developers - the very lists that I posted to.

See above. A quick (and much shorter, by the way) message to the package maintainer would have gotten you an answer without the need for asbestos underwear.

And if I haven't said it enough, OpenSSH (and OpenBSD!) rocks! Thanks for what you guys have done. Thank goodness *someone* picked up the ball when the original ssh got less and less free.

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly? -- Try Linux.
 GPL all the way: Sell services, don't lease secrets