Quoting Steve Litt (sl...@troubleshooters.com):

> Yes. So is systemd, and so is Dracut, into which Red Hat incorporated
> systemd things and then emptied its older repositories, making forking
> much harder.

As has been noted by others, to preserve the ability to fork from other
versions, wide distribution and mirroring of a codebase's past releases
(and/or changesets) is necessary.

I'd like to tell a story about how the world got Portable OpenSSH and
other completely open source implementations of the secsh protocols.

Tatu Ylönen invented the protocol starting in the middle 1990s (mainly)
as a crypto-wrapped replacement for the Berkeley r-commands, at Helsinki
University of Technology in Espoo (now called Aalto University), under
permissive licensing for the first couple of years.  (Compilation
required some external libs, some of them GPL.)   Ylönen founded SSH
Communications Security, Ltd. to commercialise it.  Some time in early
1996, about the time Ylönen's 1.2.13 came out (1996-02-10), his company
signed a commercial distribution agreement with Data Fellows, Ltd. (now
F-Secure Corporation).  Slightly more restrictive licensing was
introduced at that time into all newer releases.  Right around the
issuance of 1.2.13, the files for 1.2.1 through 1.2.12 were quietly
removed from the main SSH ftp site and its mirrors.  The licence was
changed again starting with 1.2.28, requiring payment for any use in a
commercial setting.  The 2.0 series (introducing secsh 2.0 protocols
alongside the 1.3 ones) further restricted terms.

Some years passed.  People started realising that they'd been lulled
into complacency, and what was now critical infrastructure was available
only under increasingly restrictive terms.  

In August 1999, Björn Grönvall of Sweden found an old tarball of
Ylönen's ssh 1.1.12 and forked it as 'ossh', maintaining this codebase
under the original permissive licence through 2001, fixing and
re-updating the code.  OpenBSD Foundation noticed his work, and forked
his fork, creating OpenSSH & Portable OpenSSH as reference implementations
(further updating the code and replacing copylefted components).  

The availability of a reference implementation under permissive
licensing (along with expiration of the RSA patents) then helped bring
about development of Dropbear, LSH, FreSSH, PuTTY, and other key
implementations.

If Grönvall hadn't found that old tarball, I'm not sure where we'd be
today.


Another little story:  In 1999, I became a VA Linux Systems employee,
just in time to go through the firm's meteoric IPO and the almost
immediately consequent Dot-Bomb stock market crash and collapse of the
firm's business model.  To my great annoyance, corporate management
decided to transform the firm from a Linux-oriented hardware company
into a proprietary software firm.  One of the two new market focuses 
(along with storage software) was an effort to commercialise
SourceForge.  What followed was... guess what?  I'll just pause and let
you read the outside account by Loïc Dachary of Free Software Foundation
Europe:  http://www.advogato.org/article/376.html

  Over the past few months the SourceForge development facility, which
  hosts a large number of Free Software projects, has changed its
  policies.  Features for exporting a project from SourceForge have been
  removed.  The implementation used to be exclusively Free Software but
  is now based on non-free software.  Finally, VA Linux has become rather
  underhand[ed] in their attempts to grasp exclusive control of
  contributors' work.  SourceForge did a lot of good for the Free
  Software community, but it's now time to break free.
  [...]

Loïc and others having sent up the alarm, a few people started taking
measures to preserve escape hatches, including Savannah, BerliOS
Developer, Debian-SF, GForge, and FusionForge.  I tell a lot of this
somewhat twisted history, and further machinations by the Company
Formerly Known as VA Linux Systems, here:  'SourceForge Forks' at 
http://linuxmafia.com/kb/Apps/

GForge, created by original SourceForge architect Tim Perdue the day he
was laid off by VA Linux Systems, emerged as the leading fork.  As a VA
Linux Systems, VA Software Corporation / whatever employee, I could not
ethically comment, except for years I had this as one of my .signature
blocks for posting in the open source community:


Cheers,                        Open-source SourceForge retakes the lead:
Rick Moen                      http://gforge.org/  Thank you, Tim Perdue.
r...@linuxmafia.com  

As I say in my cumulative .signatures collection,
http://linuxmafia.com/pub/humour/sigs-rickmoen.html:

  Archivist's Note:  For context, Perdue had been the original architect
  of the SourceForge codebase, which was then taken proprietary by his
  employer in 2002.  After he was laid off, he cleaned up the
  pre-proprietary codebase and released it, as a clearly superior 
  alternative, renamed to "GForge" for trademark reasons.  This .signature
  of mine aimed to give Perdue's project a small mindshare boost.  Since 
  that happened, the active open source version departed from the GForge
  effort and is now FusionForge.  N.B.:  Timothy Dean Perdue succumbed to 
  colon cancer on September 16, 2011, aged 37.

May Tim rest in peace.


To sum, there are things to beware of and watch for.  Any important
open source codebase needs to have a significant number of years of its 
version history widely mirrored, and at least _some_ of the mirrors need
to be entirely untouchable by the maintainers.  

Any sudden mysterious code disappearances / unavailability, any
mysteriously requested assignments of copyright ownership (_especially_
if they're deceptively called 'Contributor License Agreements' -- and
I'm looking at you, Canonical, Ltd.), or anything even remotely like
that should raise immediate red flags and get people independently
mirroring everything and preparing to fork if necessary.


_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
