In message <[EMAIL PROTECTED]>, "Sami J. Lehtinen"
writes:
>We released a new version of ssh1, ssh-1.2.28. This has the latest
>Kerberos related security fixes.
>
>In general, we recommend to use ssh2; in ssh1 there are security
>weaknesses inherent in the protocol. (some of these have already been
>discussed in public forums. One example of these is the MAC-weakness.)
>
>But, if you wish to be backward-compatible with ssh1, this is the
>version of ssh1 we recommend to use.
When you make a major change to the license terms, you should
announce that as well. The 1.2.27 COPYING file says "Companies
are permitted to use this program as long as it is not used for
revenue-generating purposes." 1.2.28 says, among other things,
"For the avoidance of doubt, the following are considered examples
of commercial uses of the Software: (1) use at or for a commercial
enterprise".
Don't get me wrong; you're entitled to impose whatever license
terms you wish. But a change of this magnitude should be mentioned
explicitly, especially when the announcement carries a strong
recommendation that the new version be used.
