This has become something of an issue at NASA/Ames, where there's been
a mandate to run everything (including internal networks) via some
secure (ssh, e.g.) protocol. I don't remember where it was left at
but basically SSH 2.0 is not something usable due to the licencing,
so 1.2.26 is what is being standardized upon.



On Mon, 12 Oct 1998, Rob Healey wrote:

> 
> 	Has anybody taken a close look at the SSH 2.0 license? In a nutshell
> 	it appears that unless you are a student at a University the public 
> 	source use is prohibited; i.e. you have to get the commercial version.
> 
> 	Particularly interesting is that you can't connect up to a commercial
> 	entity with the public version unless you are a student downloading
> 	work; i.e. an ISP is a commercial entity as is any other entity
> 	that pays salerys, i.e. a non-profit organization would fall under
> 	the paying salery dept.
> 
> 	Offhand it sounds like cdrom.com couldn't even use it let alone any
> 	of the organizations that package up freeware CDROM's; they probably
> 	pay people to do the packaging and thus fall under commercial catagory.
> 
> 	Given the 2.0 license, care should be taken that the 2.0 version
> doesn't
> 	get onto any of the archives or CDROM's. It's not clear what patches
> 	in the pkg area would do either since the patched 2.0 would be a
> 	derived work...
> 
> 	This seems kinda stinky since they expect the freeware world to fix
> 	and debug their commercial product while forcing the same people
> 	who would be providing fixes to buy the commercial version! It's
> 	not clear if the commercial version is source or binary either.
> 
> 	Anyways, has anyone else looked in to this yet? Should care be taken
> 	to avoid the 2.0 version in the distribution and/or pkg (patch issue)
> 	so sticky legal dragons don't rear their heads?
> 
> 		-Rob
> 
>