Home / News & Blogs

Fatal flaw in BSD?

Evan Liebovitch | June 6, 2000 12:00 AM PDT

Summary

The Kerberos Affair shows weakness of BSD software license.

Topics

GPL, Flaw, Microsoft Corp., BSD, Kerberos, UNIX, Open Source, Security, Operating Systems, Software, Evan Liebovitch
Heaven knows I've tried to be neutral whenever I've encountered any of the(not so) great debates between theGNU and BSD approaches to licensing. I've previously given positiveattention to the OpenBSDand FreeBSDprojects, and I thought (and still think) that the mergerof the companies behind FreeBSD and BSDI was a pretty good idea.

Butin light of what I see as a fairly serious hole in what was supposed to bean open standard, I'm having second thoughts on this neutrality.

In what has become fairly widespread news, Microsoft has taken the Kerberos securitysystem and attemptedto extend the protocol in a non-portable way while keeping the extensionssecret. So far the biggest news surrounding this issue came from the following Slashdot-Microsoft exchange:a Slashdotreader posted the extensions; Microsoft, under the terms of its license, attempted to have the linksremoved; Slashdot subsequently told Microsoft whereto stick its e-complaint.

Open sesame
Certainly one could take Microsoft to task for the ethics of taking anopen standard and turning it proprietary. But why it was done, to me, isneither as interesting nor as genuine a source of concern as how it wasdone or how it can be prevented in the future.

You see, the Kerberos code that Microsoft "enhanced" is distributed undera BSD-style license similar to the oneused by XFree86. This is the kind of license that generally allowsanyone who legally obtains the source code to make modifications withoutrequiring such modifications themselves to be open. Indeed, the copyrightfile that comes in the current Kerberos code explicitly says:

Permission to use, copy, modify, and distribute this software and itsdocumentation for any purpose and without fee is hereby granted.
In contrast, the GNU PublicLicense, under which Linux and most of its tools are distributed,requires that all modifications must be as open as the original code.

Clearly, had Kerberos been distributed under the GPL rather than aless-restricted license, Microsoft wouldn't have been able to do what theydid. Sure, the company could challenge the GPL or even try to flout it; butconsidering Microsoft'sown paranoia about software licenses, that's unlikely.

Unless I'm badly misreading something -- and in the quagmire of legalesesurrounding such issues, that's always possible -- this episode indicatesa specific example of real harm to the free software community thatoccurred because a BSD license was used. Furthermore, the problem wouldhave been prevented had the code in question been licensed under the GPL.If this is the case, then I'd have to say this event goes a long way intipping the balance of the two licensing models' respective merits.

What do the labels really mean?
I've heard many an argument in which BSD license fans claim that theirlicense is actually more free than the GPL.

Well, yeah. So it is. Whoopee. But what is really gained by winningthis particular debating point?

If we want to pick nits, the most free license is no license. Yet youdon't see BSD code released into the public domain -- its proponents favorsome kind of restrictions on distribution, they just draw their line in adifferent place than the GNU folk.

But the Kerberos experience perhaps teaches a lesson that the FreeSoftware Foundation got this part right. Making free software is indeedonly half the battle, keeping it free is also a challenge the communitymust confront if we are to prevent the Kerberos problem from recurring.While most of the proprietary enhancements to BSD-licensed code (such asBSDI) have been benign, what Microsofthas done to Kerberos is clearly not in the interest of the communityat large. Given that it could happen again, I must say I'm finding theFree Software Foundation approach to the issue (using the BSD-licensing of XWindows as an example) pretty compelling.

To FreeBSD leader Jordan Hubbard, it's more a matter of bully tactics thanwhich license was used. "I don't think it has anything to do with licensingat all," he said. "It's just more of the same strong-arm tactics thatMicrosoft is famous for doing because they're Microsoft and big enough toget away with it." I can't agree. To keep to the terms of the GPL,Microsoft would have to publish any changes, leaving the rest of thecommunity to determine whether its changes should become official.Microsoft's influence could not prevent its changes from goingmainstream.

Of course, none of this negates the fact that BSD operating systems are ofextremely high quality, and have their own communities of extremelyskilled and dedicated users and developers. Nor does my preference for theFSF approach diminish my belief that Richard Stallman's jealousy (andmisunderstanding) of Linux's success is an ongoing and unwelcomedestabilizing factor. But it certainly looks from here as if, in the(generally) friendly rivalry between the fans of GPL and BSD distributionmodels, the BSD approach has been found wanting in a fairly serious way.BSD's supporters have a significant problem to overcome unless they want tosee an increase of "embrace and extend" attacks.

Do you prefer the BSD license model? Let us know in the TalkBack below.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity