Re: Heads-up: licensing on Slashdot

From: J.M. Maurer <uwog_at_uwog.net>
Date: Wed Jan 23 2008 - 11:39:58 CET

On Wed, 2008-01-23 at 11:35 +0100, J.M. Maurer wrote:
> On Wed, 2008-01-23 at 08:35 +0100, Ryan Pavlik wrote:
> > As seen on Slashdot, we apparently have 2 obnoxious BSD's in our source
> > tree. At least one is Ispell, they didn't show the other one.
> > http://it.slashdot.org/article.pl?sid=08/01/23/0131204&from=rss
> > http://fossology.org/video/abiword.mov
> >
> >
> > Couldn't tell exactly, but it also looks like a few files might have old
> > versions of the GPL 2 in them.
>
> It's our md5 implementation. Fedora pointed me to a replacement file we
> could use. The Ispell one needs investigation.

Looking over my unread archives, I found this message from RH, which
implies our md5 implementation could fine fine after all:

"A couple of points:

The original RFC1321 reference code is here:
http://www.faqs.org/rfcs/rfc1321.html

That code is under BSD with advertising (which is GPL incompatible). The
contents of the RFC are explicitly stated to be freely redistributable
(not public domain).

In 2000, RSA clarified some of the legal issues:
http://www.ietf.org/ietf/IPR/RSA-MD-all

What they said was that:

Implementations of these message-digest algorithms, including
implementations derived from the reference C code in RFC-1319, RFC-1320,
and RFC-1321, may be made, used, and sold without license from RSA for
any purpose.

This means that the RFC1321 reference implementation can be used without
the license, and it effectively becomes Copyright only.

Accordingly, I'm going to have Fedora deal with this issue by implenting
a policy that whenever we come across C code that implements RFC-1319,
RFC-1320, and RFC-1321 (MD2, MD4, MD5) under the troublesome BSD with
advertising clause, we will be using it without license from RSA.

In English, it means that we don't need to worry about resolving these
conflicts, but we should advise upstream of the situation, and recommend
that they "use" this code without RSA's license as well, and reflect
that usage in the source code by removing RSA's license (but not RSA's
copyright)."

Marc
Received on Wed Jan 23 11:40:50 2008

This archive was generated by hypermail 2.1.8 : Wed Jan 23 2008 - 11:40:50 CET