------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1536
--- Comment #3 from Mike H <mystica@???> 2014-10-30 13:08:00 ---
(In reply to comment #2)
> FWIW SpamExperts is actively involved in the Exim community, and any bug
> fixes/enhancements/detected security vulnerabilities etcetera, we always share
> with the Exim community.
Thanks; its nice to see that corporates do contribute somewhat.
> We always try and support opensource projects where
> possible, that's of course in our own advantage as well. Our email security
> services are only provided SaaS, where we provide full management/monitoring > of the software.
Right; so you don't distribute a physical product, nor do you distribute a
software product...You skirt the GPL source requirements by not distributing
anything. Very lawyer-smart - and something Tivo cannot do, and were legally ,
as on a Tivo, the software is not generic and can't decode tv without hardware.
Its impossible to run a Tivo VM but your company very slyly writes individual
restrictions into the license into the license so a GPL
not-quite-violating-legally-but-definitely-in-spirit act of not-distributing
your software to customer owned equipment
If you housed the spex servers in _your_ datacenter, that would fall under the
"in-house implementation we maintain" category and I would not be so annoyed.
But when I deal with 100s of other exim servers, fixing them when broken, and
yet due to careful manoeuvring by your lawyers, I cannot diagnose or
effectively tell my customer why their spam filters are blocking everything,
why their spam filters are backed up, why their spam filters are queueing
messages for hours when they are traversing between servers within the same
single customer's cluster, (mail should be pretty instant in this scenario) I
get _exceedingly_ frustrated.
If not legally a violation of the GPL, this act is a violation of common
decency and the spirit of the GPL.
Instead of distributing a product, like Tivo, who are legally obligated to
contribute their kernel modifications to the world, you tell customers to make
a VM or a standalone server -on their premesis, within their network, not owned
by you at all- that you will manage as if the customer did not own it, but
rather, gave it to you for your use and then you effectively re-sell the
customer-owned-hardware back to them as a service because now you somehow
didn't distribute the program from your offices, into the customer's network.
What?!
Just how in all the world does this not count as distribution? You are sending
the customer modified binaries, without the required-by-license source code for
those modifications, under the shaky claim that its your management/your
instance so it isn't distribution?!
Is not the transfer or bytes from your servers, into the customer's network,
distribution of your modified GPL-licensed program?
What crazy legal definition of "distribute" are you attempting to mangle so
that you get away with this act, an act specifically targeted to be prevented
by the GPL as its main goal: to wit, EXIM was NOT licensed under the BSD
license, so the initial author(s) had apparently determined that forcibly
opening the code was better than corporate ease of use.
Sadly the GPLv2 does not cover SaaS - a concept its authors had no clue about
in the early 1990s.
But I don't believe your claims that this is SaaS. This is distributing a
modified program against its license, to your customers, that you simply
manage. Management is your service - not EXIM. Sell the management, stop
breaking the license and let me understand - and fix - why the program is being
stupid.
> Although we don't lock out the hardware owner from SSH, it's not
> allowed for them to make any modifications to the OS or any configuration
> files on the system. We take full care of the software including all OS and
> security updates.
But the spirit of open code and full understanding of why things happen is
demolished. By not being able to even _try to understand_ why things don't
work, I cannot verify that anyone else has a better idea of what is actually
wrong and actually knows how to fix them. With full openness, I can verify
that things are working as expected and immediately at least understand what
needs to be changed.
Your act to install EXIM on a server that you do not own, but that the customer
pays you to lease from them, to legally and slyly bypass the GPL, is a heinous
misuse of the legal system to further your corporate goals.
You then forbid with licensing any ability to gain a deeper understanding into
the software to ascertain why it does things that are stupid, and any attempt
to understand its method of operating without any insight into the
configuration that has caused Exim to do things. Finally, not providing
someone an easy way to change Exim's configuration and enable or disable
simplistic features.
> Hence we've added some protection against tempering with the files, to
> prevent the actual service from breaking. You can always contact our support
> for any questions.
Would they answer, with actual proper config file, "what is the un-obfuscated
configuration file you are feeding into exim to make it act strange" ?
I think it would be morally and legally better for you to sell an appliance VM
and license its use as a whole, and simply include in your ungainly terms and
conditions that a 10,000 dollar fee (adjust for local currency) will be imposed
if the customer has caused the issue. If they did, and pay you, you get a lot
more $. If they did, and won't pay you, and instead cancel the service, thats
their own fault.
Further, your legal page on your site does not even attempt to say that your
service utilizes software covered by certain third-party and open-source
licenses - a clear violation in and of itself.
Or is that another thing you don't have to do because you don't sell an
appliance box...
I wish our customers did not decide to switch from RedCondor to Spamexperts; at
least the RedCondor box didn't co-opt a great GPL SMTP software, modify it,
attempt to claim it didn't distribute it, and then get all licence-happy and
restrict understanding of the previously freely modifiable code.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
