[EMAIL PROTECTED] wrote:
> Out of curiosity, is there any reason why there isn't an archive of
> compiled binaries? Source is all very well, and I can see absolutely
> why you *have* to have it when you're dealing with encryption
> technology, but couldn't the OpenSSL site be regarded as being
> authoritative enough to host some "official" binaries as well? I
> mean, I'm presuming here that OpenSSL *is* implemented as
> libraries...
I guess the problem there is that none of the developers really want to
deal with Windoze, and there's really no reason to ship binaries for
anything else (I'm sure this must tell us something really obvious).
> For instance: Pegasus Mail is officially distributed from two sites
> in the U.S.A, one in the Netherlands and one in New Zealand. If I
> were to implement my SSL code as a separately loadable DLL, is there
> any reason why I can't just make that available from the Netherlands
> and New Zealand sites, but not the U.S. sites? Is there any effective
> reason why someone in the U.S.A. couldn't go to those sites, download
> the SSL enabler, and use it? [ Remember that I'm based in New Zealand
> and have no formal representation or presence in the U.S.A. ]
There's no come-back on you for doing this, but the persons in the US
would be violating RSA's patents (is my understanding).
> How are real-life application developers actually dealing with this
> problem? RSA are clearly only interested in gouging as much money as
> they possibly can before their patents start running out - I can't
> imagine that any developer except the really big corporates could
> afford license fees like this... So what does a developer do? There's
> a real danger of smaller players being forced out of the industry
> because they don't have the financial capacity to license things like
> this - does that worry anyone else as much as it worries me? (That's
> a rhetorical question, by the way - I'm sure it bothers *everyone* on
> this list just as much as it bothers me).
Real-life application developers are forking out loadsa money to RSA. Of
_course_ it worries us, that's why we do OpenSSL! Luckily, this all
becomes a non-issue next year. It would've been a non-issue sooner if
the IETF hadn't weirdly bent over backwards to ensure RSA's profits. Ah,
well.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
