[linux-elitists] Proposed letter to Linux Weekly News

Rick Moen rick@linuxmafia.com
Tue Feb 29 16:51:22 PST 2000


Anyone feel this is too harsh?  I'm torn between the desire to beat up
on the proprietary-software lusers for past deeds and probably
near-future cluelessness, and the desire to play nice with a firm that's
making some of the right gestures.



To: letters@lwn.net

Dear Ms. Coolbaugh and Mr. Corbet:

I note with interest your 2000-02-29 news item, "Tripwire goes Open
Source".

The company press release in question claims an "open-source" version
will be available in Q3, but conspicuously fails to state under what
licence.  I hope they will clarify their intentions, and have written
them to inquire about the matter.

The history of Tripwire is interesting.  Contrary to the lwn.net story's
claim, Tripwire did _not_ originate under an open source model:

It was written by Gene Kim and Gene Spafford at Purdue's COAST Lab, with
copyright held by Purdue Research Foundation, and was among the many
proprietary security packages widely _assumed_ (in error) to be free
software (like SSH after v. 1.2.12, COPS, SATAN, and PGP), because of
source-code availability.  But, like the others, it had permitted-usage,
USA-export, and patent restrictions.  Kim and Spafford then developed
the code through v. 1.2 at COAST, at which time it stagnated. 

In 1997, Purdue Reseach Foundation (the code's owner) licenced exclusive
commercial rights to Gene Kim's new company, initially named Visual
Computing Corporation, then Tripwire Security Systems, Inc., and
currently Tripwire, Inc.  That company has released versions 1.3 through
2.2.1 as proprietary, binary-only software (while furnishing source in
an "Academic Source Release" variant subject to certain conditions).

The point is that Tripwire, Inc. may still be unclear on open-source
licencing, and may intend to give us a viewable-source licence (a la
SCSL), or something otherwise non-OSD-compliant
(http://www.opensource.org/osd.html).

Meanwhile, the leading GPLed replacement for the proprietary Tripwire
package, Rami Lehti's AIDE (Advanced Intrusion Detection Environment, at
http://www.cs.tut.fi/~rammer/aide.html) has already advanced to exceed
Tripwire's capabilities, and of course benefits from the accelerated
development cycle characteristic of genuine open-source licencing.

In that sense, it would make sense for Tripwire, Inc. to genuinely
open-source its product, as that might help it to compete.

Best Regards,
Rick Moen




More information about the linux-elitists mailing list