OpenBSD--along with NetBSD and FreeBSD--is a version of Unix that's open source, meaning people may modify and redistribute the software. But OpenBSD founder and project leader Theo de Raadt removed a security software package called IPFilter after its author changed its license May 18.
The change in license focuses on whether programmers are allowed to modify the IPFilter software--as OpenBSD had--without the permission of IPFilter author Darren Reed. The modified license, which explicitly forbids people from changing the software without Reed's permission, came in a new version of the software Reed made available May 18.
"We don't have a choice. We must remove his code," de Raadt said in an interview. Unhampered "modification of software is a crucial component for increasing the security of the Internet."
"I'm not concerned about this at all," Reed responded. "I've received e-mail from people who use IPFilter in OpenBSD saying they'll switch to using NetBSD instead...I believe this action by OpenBSD will do them more harm than me." IPFilter works with OpenBSD, FreeBSD, NetBSD and Sun Microsystems' Solaris.
The squabble illustrates some of the pitfalls of the open-source software movement, in which philosophical principles can butt heads with the legal complexities of intellectual property law. Though proprietary software isn't immune from such tangles, companies writing proprietary code typically have better access to legal advice than the open-source programmers, often volunteers working on their own time.
IPFilter is firewall software that accepts or rejects different types of network traffic based on the Internet Protocol address of packets of information sent over a network. It's a key part of server software, and OpenBSD is examining two replacement alternatives, IPFW and a former commercial package called Netgate, de Raadt said.
The earlier IPFilter license said, "Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors," to which Reed added, "Yes, this means that derivative or modified works are not permitted without the author's prior consent."
According to Reed, the addition to the license merely clarified a point; companies using IPFilter were already interpreting the earlier license as not permitting changes without permission.
The IPFilter problem led OpenBSD programmers to discover two other software packages with similar licensing problems: libwrap and mrouted, de Raadt said. The organization is working to resolve those potential problem spots.
Though Reed and de Raadt briefly debated the licensing issue, both describe the exchange as unproductive at best. De Raadt said he complained that Reed hadn't accepted suggested changes to the software in the past and threatened to take the issue to the news media if Reed didn't change the license.
Reed said in an e-mail interview that de Raadt "basically said, 'Do this or else.' You can't hold any sort of reasonable discussion if someone is approaching the table like that, so things went nowhere quickly."
Reed, a programmer and consultant in Melbourne, Australia, who started the IPFilter project in 1993, estimates that he wrote about 90 percent of the IPFilter code.
He said it's a question of definition whether his software is open source or not--but not a question that bothers him.
"IPFilter existed as a product distributed as source code before 'open source' became a popular trend in computing," Reed said. "That it fits under the title of 'open source' is not of concern to me; that it is available to as many people that want to use it on Unix is."
One of the issues of concern in the open-source software movement is who has control if a controlling company or person goes bankrupt, loses interest or dies. Asked on the IPFilter mailing list what would happen to IPFilter if Reed were hit by a bus, he responded, "I won't care. I'll finally get to (rest in peace)."