Mark,
I understand you won't be distributing source. But my real question is, as
mod_ssl becomes a true module, will you be offerring a product with a
mod_ssl module (compiled) that can be plugged into a custom-compiled
version of Apache, and that will stay up with the current Apache release?
I'm sure many of your customers would like a complete solution, and that
that's how the product would be sold. But others of us would be happy to
buy the whole product just to get the mod_ssl/BSAFE component in a
US-licensed form - providing it can plug into an otherwise custom-compiled
Apache.
For instance, Red Hat's first secure server release was compiled with an
obsolete version of PHP - which they still use on Red Hat's own site even
now, but which no-one seriously into site development as their core
business was using by that point. And when some new security exploit is
found in Apache, anyone serious enough to be running an SSL site will want
to upgrade in very short order, not 4 to 6 months later when their
vendor's product cycle runs around again. Custom compiling Apache is
easier than configuring it at this point. If you're marketing a US secure
Apache solution, the best solution is the one that leaves the users with
as close to the same flexibility as someone, say, in Switzerland can now
get for free. Shrink-wrapping is great for OS's and desktop applications,
but if it were the best thing for server daemons, Apache wouldn't rule. So
I hope you'll play to Apache's strength, and make a profit by helping the
US market cope with RSA's restrictions, without crippling the product by
turning it into a shrink-wrap-only, one-size-fits-all thing.
\/\/ I-I I T
Blauvelt
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]