Search squid archive

Re: GNU GPL Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Firstly, thank you for bringing this to everyones attention.

On 20/05/2013 12:54 p.m., Daniel Streefkerk wrote:
Symantec provide a version of Squid to their Symantec.Cloud customers
that they call the "Client Site Proxy". They've modified the source to
add two "encrypted" headers  (X-TEACUP and X-SAUCER) to each request,
and only provide a Windows version of the product. These headers
provide reporting information back to the centralised admin portal. I
think one of them contains an encoded username, not sure about the
other.

They're refusing to provide a Linux version on the grounds that their
modifications are "confidential" due to the "encryption" of the
headers.

A bogus reason. Squid-3 offers eCAP exactly for the purpose of commercials like this to write their own modules and publish those under different licensing than Squid. If they were doing *that* they would be able to restrict the source code for their module(s).

Also, this blogger appears to have managed to get one out of them: http://blog.periodicfailure.com/?p=22


Seeing as Squid is GNU-GPL licensed and they're providing a commercial
product based upon it, aren't they required by GPL to make the source
code for their modifications to squid-cache available to the consumer?

Maybe. The key question is whether they are distributing the binaries or just offering access through them?

Squid is released as GPL version 2. Any patches made to a distributed Squid binary fall under its clauses. But, anyone can *use* Squid patched or otherwise to offer a commercial service.

FWIW: Hiding the code on those grounds is a sure sign that their "security" measure is a bogus protection. eg rot-13, base-64, X+N cipher or something just as easily broken by knowing the algorithm.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux