[Coderpunks distribution removed] Anonymous wrote:

For the clueless or history deficient

C2 gots its start by purloining without compensation Ben Lauries Apache-SSL patches.... Sameer used these and then had the fucking gall to remove source from apache-ssl for the mod_ssl.c... all was rosy until Ralf releases a mod_ssl.c of his design... result??

I've heard a number of descriptions of the history of Apache-SSL-US (later Stronghold) over the years, but Anon's version of history is not supported by the facts. First of all, Stronghold does not use a line of Ben's Apache-SSL code. Hasn't for years. C2Net switched to the Sioux code base when they acquired Sioux from Thawte. Which was a long time ago.

C2's business worldwide took a nose dive...(layoffs etc) so now Sameer is trying to coopt Ralf's mod_ssl.c project (mark my words if Sameer gets his way the source for future verions will NOT be available no matter what he says now...) I seen it happen once so now when the litte sob trys it again I am blowing the whistle...(and retelling history openly) how about it Sameer are you now going to Sue the Mix network:) ?

[Out of courtesy, I won't comment on C2Net's present difficulties other than that they have little to do with mod_ssl]. Fast forward a few years. Ralph releases mod_ssl, by all accounts a very well done SSL integration with Apache. mod_ssl implements some much overdue cleanups that for whatever reasons never made it into Ben's Apache-SSL. I don't know if C2Net is moving to use mod_ssl, but given the quality of the module, I would not be surprised. Either way, mod_ssl is under BSD-style license and C2Net is free to use mod_ssl in their commercial products. Meanwhile, troubles developed in SSLeay land. The entire recent discussion about OpenSSL on the various lists must be rather confusing if one doesn't know the current status of SSLeay. [Hint: it would be really nice if this finally was announced by those who should be doing the announcement. Which isn't me]. Suffice to say that it is unlikely in the extreme that SSLeay or the SSLapps will continue to be maintained by their original development team, Eric Young and Tim Hudson. Rather than complain about this turn of events, let's all thank Eric and Tim for the awesome work they performed for cryptographic freedom and the Internet community. Big thanks guys! Those that feel inclined to complain about the situation are strongly encouraged to write an open source software implementation of the importance, complexity, and size of SSLeay prior to voicing their complaints. With future SSLeay development in limbo, somebody needs to ensure continued development. Unfortunately, the launch of such a framework was overshadowed by Sameer and Ben slugging out their personal differences on mailing lists. It was silly and downright rude for anyone to announce the formation of such a group before first giving the usual suspects a courtesy heads-up. But this too will hopefully be water under the bridge before long (just please remember it for the next time). Meanwhile, the best of wishes for the OpenSSL project. [Disclaimer: I am an ex-C2Net employee] Happy holidays, --Lucky