SSL-Explorer Community Edition ??

Hi,

Where did the SSL-Explorer Community Edition web page disappear??

When I try the old link I get to the Enterprise Edition page.

-gunck4

I am with the same problem.

What happened with the SSL-Explorer Community Edition?

Since the 0.2.0 release there have been 3 editions of SSL-Explorer. The GPL edition which is distributed in a source code archive, the Community Edition which is a set of binaries for easy installation onto various systems and of course the Enterprise Edition which has additional features over and above that provided by the Community Edition. We have recently taken a decision to limit the exposure to the Community Edition from our company website in light of some recent developments that were brought to our attention.

This was not a particularly easy decision to make but was rather forced upon us by the acts of a number of third parties who have committed blatant and wholesale copyright infringement against our product, its associated documentation and our website. I?m pleased to say that this is something that we as a business have been rather foresighted in protecting and we are currently pursuing these individuals by legal means.

While we have no particular issue with a third party or VAR selling the Community Edition as part of a ?value-added? appliance solution, we always like to work with the vendors and ensure that our trademarks and copyrights are respected in order to promote the brand in the wider populace. In addition to this they also of course have to comply with the license terms of the GNU General Public License (GPL) in full. Considering what we have invested into the project so far and given away for free the last few years, this is not a great deal to ask.

Unfortunately when situations like these arise, this means that we have to divert our attention from product development and promotion to ensuring that our own interests are protected. As a consequence of this it led to us questioning whether the current licensing strategy that we have utilised in SSL-Explorer is still the best choice for the future of the product and our company.

Here at 3SP we love open source software and it has been a fantastic tool in helping us bring SSL-Explorer to market but open source works best when there is a community of developers working together and sadly code contributions to the product have been lacking. To date the Enterprise Edition has existed as a set of extensions to the open source core, and all updates to both products have been released at the same time to the benefit of all users.

In order to protect the company?s investments and our customer?s interests we have taken the decision to branch the Enterprise Edition and look to the community for further contributions to the open source code base. The source code will still be available on the SSL-Explorer SourceForge project and we encourage users to contribute patches for the benefit of the community.

It is with some regret that we have had to make these changes but for the longevity of the product we feel it is necessary. I hope that our users will understand our situation and the reasons for which we have made this change.

Hi,

Does this mean that you won't be posting RC18 to Sourceforge? I ask because on my 64 bit system this is the only version that I have been able to install. The installer in the Enterprise Edition crashes on my system ...

.

Thanks!

Everything good has an end. Actually it was the GPL edition I was talking about too.

-gunck4

Interesting choice of direction.

My understanding is that SSL Explorer Enterprise edition is a GPL-licensed project that includes non-GPL, separate modules on top of the GPL-licensed codebase. In addition, the GPL codebase is GPL licensed not only because 3sp decided to make it GPL, but also because it includes other GPL-licensed code within the codebase.

The reason for my rambling is this: if SSL Explorer 1.0 RC 18 has been released for public download, the *source* *code* for 1.0 RC 18 must be released as well. Of course, this does not have to come in the form of a precompiled "community edition", but merely as source code.

However, I would like to have the RC 18 code. From what I can see at SourceForge, this code is not available. When will this code be made available? Or is 3sp deciding to make *no* code available under the GPL?

It looks like 3sp is asking that a Red Hat/CentOS style split be made between the SSL Explorer product and the GPL codebase (by mentioning their trademarks, etc.). It is certainly within their right to do this.

Am I missing something? Does the SSL Explorer contain no other GPL code and therefore 3sp has the right to unilaterally change licenses? Or something else? Or will the RC 18 code be made available?

Am I missing something? Does the SSL Explorer contain no other GPL code and therefore 3sp has the right to unilaterally change licenses? Or something else? Or will the RC 18 code be made available?

SSL-Explorer does not contain any third party GPL source code. All source code distributed under the GPL was developed by 3SP. Therefore we have the right to place any license we desire onto the codebase.

We will no longer be distributing our source code under the GPL. We welcome community contributions under the GPL to continue the development of the GPL edition of SSL-Explorer. We have no plans to request copyright assignment on these contributions should they be forthcoming and are happy for these to continue under the SSL-Explorer trademark as long as these do not conflict with our commercial interests.

martianx wrote:

SSL-Explorer does not contain any third party GPL source code. All source code distributed under the GPL was developed by 3SP. Therefore we have the right to place any license we desire onto the codebase.

I cannot say anything either way regarding the accuracy of the 100% internally developed, but assuming that this is true, you are also 100% correct: it is your code to do as you wish. Given that we *have* the source for RC17, I guess we can see for ourselves. For now, I'll take your word for it!

So, in short, given that there is no third-party GPL code in SSL Explorer, we have what GPL code we already have (RC 17), 3sp is in full compliance with the GPL and there will be no future versions forthcoming from 3sp. Fair enough.

martianx wrote:

We will no longer be distributing our source code under the GPL. We welcome community contributions under the GPL to continue the development of the GPL edition of SSL-Explorer. We have no plans to request copyright assignment on these contributions should they be forthcoming and are happy for these to continue under the SSL-Explorer trademark as long as these do not conflict with our commercial interests.

How exactly is that going to work? You're going to be moving forward (in fact, already have) with development on your closed-source code. How are contributions that will require you to distribute them in a GPL-only fashion going to be interesting (or even *usable*) to your product? Never mind the fact that if a community *does* spring up around the previous GPL code, you're going to have two rapidly diverging codebases...

Sounds like we're looking at a Mambo/Joomla style split...

Well, I actually do understand this decision, but would like to see a more flexible license model. E.g. you could provide a core version of SSL-Explorer which is similar to the current (former) Community edition, but expandable as needed. Or maybe change the Community edition to something like an Express edition which is, of course, cheaper than the full Enterprise one. Just my two cents.

If someone wants to contribute to the GPL code to fix bugs and ensure the continuation of the Community/GPL Edition in its current form then this is what we would support. If someone wants to start development on new features and effectivley become competition to our commercial product then this would not be acceptable under our brand.

I guarantee you that anyone who is interested enough in the product to get up to speed enough to fix bugs will want to add features, too!

And some of those features will, no doubt, compete with features in the Enterprise product. If they weren't features worth having, they wouldn't have been kept back for the Enterprise product!

Of course we cannot prevent that from happening because the source code is out there and developers can branch but we would simply not allow this to happen under the name of SSL-Explorer. That said, what benefits will there be in someone doing that? they cannot sell the source code because its GPL they would have to come up with an alternative model to raise revenue if this was anything more than a part time hobby and considering the pace our product would be moving at, this does not look like an attractive option to any open source developer.

The logic behind this is no different than that behind Joomla (or CentOS, or OpenPBX/CallWeaver or egcs...). They can't sell the code either; but it's worth it to enough people to support the project. It isn't about keeping pace with the Enterprise product feature-for-feature. The community edition is *already* behind. Why would that change now?

And it is clear that such a fork will have to have all references to SSL Explorer removed. Again, just like Mambo/Joomla. There are all kinds of similar examples as well. And for every project where the fork takes off, there are a dozen that don't.

Whether there is enough interest from the community for a GPL-only fork to become successful is an open question. SSL Explorer was the only complete, web-based SSL tunnel system I am aware of. You would think that this alone would make it interesting to some people (such as me, frankly) to see it continue. But we'll have to see...

Just as an aside, I appreciate your clear, honest answers. I have to admit that I am disappointed by your decision to discontinue distributing your code under the GPL, but that is very much your right. Thank you for stating your position clearly, so that each individual can now figure out where they want to go from here...

The home page still touts "Find out more about our open source, clientless SSL VPN solution, SSL-Explorer."

This is misleading.

Thanks for pointing that out. We are not trying to mislead anyone, the announcement was made this week and we're in the process of changing all references to open source. An entire new website is going live soon which will address all these issues.

I'm curious to know how this impacts the recently announced "Free" enterprise license. What is the plan in that regard to those of us who took advantage of that offer?

I really hate that this has happened, but I completely understand and respect your decision in this matter.

This does not impact the free 2 user Enterprise Edition license at all. This license is still available and will not be revoked. This announcement relates to the availablity of open source code and binaries only, the Enterprise Edition remains unchanged.

Thanks for the clarification. That's excellent news to me!

What about the rpath appliance as iso file? Will this be available/supported in the future? I realy like a fresh install from iso more than using the vmware.zip ... but I can not find any iso download?

About the license change: saw this with nessus, snort etc.
Sad that this is necessary but I do understand it and hope you will compete well in the ssl vpn market.

Due to closing the open source part down, we had to remove the appliance builds as well, as they were using the open source free rPath builds, but we have licensed the Commercial rPath software and we shall soon be publishing the Enterprise build as an Appliance soon, once we get the last couple of bugs out of the rPath build system.

Hi

I understand the situation but what is the future of the opensource version ?
I mean, I saw now the only version available is the rc17, do you have some
plan to provide some fixes related for example to security bugs or something like that ?

I think you have not stated any clear plans to it.
Is it a 3sp supported project or is up to the (future) community some eventual bugfixes or code improvement ?

Thx for any clarification .

Hi all!

For me the discontinuing of SSL-Explorer community edition has been a disappointment. I believe that the lack of community contributions to SSL-E has not been caused by lack of interest, but rather by lack of means to participate in it's core development. The fact that SSL-E has been translated (according to my knowledge) to several languages shows that there _is_ indeed interest from the community - when it is given the means to participate. The main problem is probably the incompability of SSL-Explorer as a 3sp controlled product and the distributed open source development process where developers are more or less equal and can participate easily.

But now to the point... I created a fork of SSL-Explorer-1.0.0-rc17 last weekend and it's almost ready to be distributed. I'll include the details below so that 3sp guys can tell me if there's something else that needs to be done so that the fork does not violate your trademarks, copyrights or anything else. So what I've done so far:

- all references to SSL-Explorer in it's every form (variable names, java code, html files, directory names) have been removed
- all 3sp-related functionality (e.g. extension store, feedreader) have been disabled
- copyright notices in source files and elsewhere have _not_ been removed, as 3sp is the copyright owner
- most of the icons (90%) have been replaced with CCL (freely usable) icons from the Tango project or with custom icons based on them
- most readmes and help files without a specific license statement have been removed

This new project is not yet hosted anywhere, but once the non-technical issues (see above) are sorted out I'll create a project, probably into Sourceforge.net for best visibility. If you wish to participate in this project drop a mail to mmattson 1980 at yahoo com or wait a while until I get the project hosted somewhere. There's lot to do (documentation, graphics, coding...) so all help is more than welcome! I'll probably get the project going in a couple of weeks or within a month in worst case.

Glad to see that someone has take over the project.

The point of continuing the development of the community version is related
to fix bugs.

I don't know if you have the required skills (eg. java development), but i think they are a must to going on.

I' not e java fan nor a java developer, but i could help in any other aspect of the development process, for example:

1) graphics
2) scripting
3) testing

Let me know if you need my help.

Thx,
Davide

That makes three of us after just 6 hours, not bad. All help is more than welcome, especially graphics work! If you can do documentation that's great too! I'll start the Sourceforge bureaucracy tomorrow so that we can actually get things done.

Would you send email to mmattson 1980 at yahoo com ... I don't think 3sp is/will be very happy with us organizing this project on their forums. And 3sp... if it is ok, let us know. It would make our life easier until we get the project site up.

I've created a new Sourceforge project "OpenConduit". It takes a while before it's approved, but I'll inform when the project page is up. Many more people have already volunteered to help since I wrote my last message here. Everybody is welcome, no matter what skills you have, even if just to read the mailing list(s) or hang around in IRC.

The project was first approved and then silently deleted. It seems that OpenConduit is related to Palm's Hotsync technology, which is probably the reason for it's deletion. If you have naming suggestion please drop me an email so we can get the project going.

What do you think about "sslinside" ?

Have fun,
Davide

How about sslVoyager or sslConnect?

I'll give a list of current suggestions that are not in this thread yet:

SSL-Outpost
OpenOutpost
SSL-Wire
SafeTransport
VPN Surfer

All these are somewhat related to the programs function; we could also choose a name that does not try to describe the program. Something similar to Gimp, Pidgin, Firefox... In any case I think it's best to make sure that there's no way to associate the new name with SSL-Explorer, just in case.

Please tell what you think, this lack of name is currently holding everything back.

SSL-Outpost <-- Good
OpenOutpost <-- Not bad
SSL-Wire <-- maybe exists
SafeTransport <-- maybe exists
VPN Surfer <-- maybe exists/ not too original

What about "SSL-Insider" ?

SSL-Outpost and OpenOutpost - there is Outpost Firewall from Agnitum - http://www.agnitum.com/
SSL-Wire - don't like because L - Layer in SSL and Wire seems to be close for me.
VPN Surfer - Surfer is good for client software and we speak about server.

My suggestion:
seaShell - clear, easy to remember. Related to primary function - shell for the network. The icon for the project may look like sea shell.

Another name has been suggested:

"Seashell" (or "Seashell VPN")

It would make a nice logo and it sounds quite secure. Plus some seashells contain pearls

. The only grumble I have with this name is it's similarity with the Unix shell. Luckily Unix shell logos are usually just black monitors, not seashells. I think it could work. Following the same naming theme I came up with "Sea star" or "Starfish". The first one sounds like a boat or a ship, the other one is too "fishy".

We could also choose a more descriptive name in some other language. That way the probability for a name clash with some commercial product is much less likely. The name would have to be easy to pronounce and remember. For example in Italian:

castello (=castle)
forte (=fort)
avanposto (=outpost)
androne (=gateway)

The last two describe SSL-E's function best. We could add VPN to the end if it sounds better. Then some less used terms from medieval fortification terminology. The first two are in my opinion best, but the second one is a bit too "french":

portcullis (the iron lattice in the gatehouse)
enceinte (the walls and towers of a castle, fort or a fortified city)
bretèche (a defensive structure that projects out of the wall to protect wall's base)
bartizan (a small tower-like structure on the wall)

Let me know what you think of the suggestions given so far.

Could someone finalize the Tango icon set? I replaced about 400 icons out of 440. There are some left which have to be replaced:

- an icon for "policies"
- an icon for IP-restrictions (the firewall icon)
- the license icon (a scroll)
- an icon for "profiles"
- an icon for "access rights"
- some window control icons (collapse, close, expand, maximize)

If you're interested mail me and I'll send you my modified Tango icon set and the remaining gif's. I used Inkscape as the editor and it's really easy to use. It took me only a day to replace the 400 icons even though I hadn't used Inkscape before. You don't have to bother with converting or installing the icons - I have written all the necessary scripts.