Zero help from multinational companies for OpenSSH

If every household is a world of its own, every multinational company is a universe in itself; but that does not exempt them from being responsible and helping those who save them millions without receiving anything in return.

Unfortunately, I think there are several projects (such as OpenSSH, or others that have already changed their license) that face a very uncertain future. What would it cost the big megacorps to support these projects? A miserable fraction of their budgets, I'm sure.

You can read about it in this thread from the OpenSSH development list…

Subject: Re: Funding OpenSSH
Date: Thu, 23 Mar 2006 17:03:50 -0700
From: Theo de Raadt 
To: Damien Miller
Cc: openssh-unix-announce@mindrot.org, openssh-unix-dev@mindrot.org

I would like to add a few things, if I may.

> Many vendors have integrated OpenSSH into their operating systems or
> devices and quite a few of these proudly list the secure management
> ability that OpenSSH provides as a major feature in their marketing
> material - something which translates directly to product sales.

These vendors include:

        Sun     Apple   IBM     HP      Cisco   Netgear RedHat  SuSe

        most operating system vendors except Microsoft

        nearly other major network equipment manufacturer

        (but many other vendors too)

These vendors have never given us even a dime.  (To put it more
clearly, IBM loaned one developer a machine to make sure that OpenSSH
would run better on it, but they INSISTED on it being a loan instead
of just giving it to the developer).

I heard a story once that Sun talked to SSH.COM about getting their
SSH product incorporated into Solaris, and were quoted either $1
million or $2.5 per year for a license.  (Someone from Sun can correct
me on this figure when they come help us).  Sun instead incorporated
OpenSSH into Solaris.  Now that's all fine and dandy, but if Sun saved
so much money why don't they help us out a little bit, so that we can
make OpenSSH even better?

The same applies to the other vendors listed above.  We have saved
them perhaps tens of millions of dollars (I am sure this is not an
exaggeration, for EACH vendor), yet every time we have tried to contact
them to ask for some assistance we have always been given the
run-around, the conversation has died out, and then amounted to
nothing.  We have contacted most of these vendors multiple times.

Some of the user community may have been around long enough to know
how things have historically gone with BIND or Sendmail, other
infrastructure products that had no assistance from vendors.  Sendmail
went semi-commercial and is so poorly maintained that it still has
holes in it (how timely), and if my information is correct BIND9
development was largely funded by a few European non-profits, on a
pittance of a grant.  Meanwhile, the GPL'd variants of such software
products like this are still avoided by vendors.  So they only want to
take, take, take.

I know we cannot be the only people who think this is ridiculous.  And
it has to change, otherwise I think we will feel compelled to change
the way that we work with vendors.  We have had discussions about other
options we have already, but we hope that the vendor community does
the responsible thing.

> This is an opportunity for these vendors to give something back. For
> a relatively tiny amount of money, you can help ensure that OpenSSH
> continues to extend its functionality and proactively improve security.
> If you are interested, please email myself, Markus Friedl and/or Theo de
> Raadt:
>  - Damien Miller
>  - Markus Friedl
>  - Theo de Raadt
> If you work for a vendor who uses or has integrated OpenSSH, please
> consider this request and forward it to anyone else in your organisation
> who is able to assist.
> Thanks,
> Damien Miller

As a side note, earlier today IBM Support actually sent an energy
company with whom they have a multi-million support contract to our
private development mailing list saying we had to fix a customer bug.
I was shown an extensive set of IBM support emails with the customer
where they were refusing to take responsibility for the issue, and
finally told their customer that OpenSSH was responsible for fixing
their problem.  I say shame you, IBM, SHAME ON YOU.  You take their
money and want us to make your customers happy.


I wonder what would have happened in the case of Sun and SSH.COM if OpenSSH's license had been the GNU GPL instead of a BSD license. Would Sun have agreed to pay the figure SSH.COM was asking?

1 comment on the post “Zero help from multinational companies for OpenSSH”

  1. Robert said:

    > I wonder what would have happened in the case of Sun and SSH.COM if OpenSSH's license had been the GNU GPL instead of a BSD license. Would Sun have agreed to pay the figure SSH.COM was asking?

    I don't think so, but they would surely have contributed back substantial improvements, which must already be present in the versions they distribute without us ever being able to find out even what they are.

    I'd say that if Theo doesn't like the BSD license with all its consequences, he shouldn't use it!