Date: Sun, 18 Jun 1995 12:07:20 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: mark@grondar.za (Mark Murray) Cc: FreeBSD-current@FreeBSD.Org (FreeBSD current) Subject: Re: Crypto code - an architectural proposal. Message-ID: <199506181907.MAA02177@gndrsh.aac.dev.com> In-Reply-To: <199506181821.UAA25378@grumble.grondar.za> from "Mark Murray" at Jun 18, 95 08:21:33 pm
next in thread | previous in thread | raw e-mail | index | archive | help
[CC: set to -current, we are all on there or had better be!!!] > > > > What I would like to do is remove the DES library (libdes.*) from > > > eBones/des and put it in secure/lib/libdes, where I believe it belongs. > > > > You don't state your reasons for believing this is where it belongs :-(. > > <gulp> Right. The DES library is of use to more than just eBones. I have > a des(1) that is a Sun-compatible DES-encrypter as well as an encrypting > telnet that uses this. Do you know about the BSD supplied bdes(1) command. I see no need to duplicate that functionality with a des(1). Libdes was originaly part of Kerberos on the 4.4 tape and that is why it probably ended up in eBones where it did. I can see that libdes can be used by much more than eBones, so it would be okay with me to bring in this new libdes into src/secure and place the old one in the Attic. > > And I know have another big problem with the code in there.. it is > > GPL'ed and not in the gnu subdirectory :-(. [Read copyright on fcrypt.c, > > went and read eBones/docs.original/README :-(. > > WHOAH! The Eric Young code I have is specifically _not_ GPL'ed. He has > a very permissive licence that only really prohibits relicensing. This > includes fcrypt.c. I'll tack a copy of his license to the end of this. > (Also in the README you mention, the GPL is optional. The `artistic' > license is the other option and that is pretty cool.) I am not sure of the legal stance of saying ``This program is free software; you can redistribute it and/or modify it under the terms of either:'' and then having one of them be the GPL which says: These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. I would have to consult an attorney on that... Now if Eric Young has provided a copy of this without mention of the GPL any place in it GREAT!!! And thank him for stomping out one copy of the GPV. > > Also does this code come with eBones? Should this could be maintained > > on a vendor branch? > > No. It was built to be US-DES compliant, but I got it as a separate > library including other bits and pieces (some of which may get you guys in > trouble like RSA) of crypto code. Geoff Rehmet put it into eBones as at > that time that was the only code which used it. Please be very carefull on pulling bits and pieces from packages, legalize can come back to haunt us. > A vendor branch _may_ be a good idea, but I had to do some slash-and-burn > to make it look like BSD code. (Only to the directory structure, I have > not touched a single *.[ch] file). I am not 100% sure of the issues here, > so I will follow your guidance. A) Is Eric Young maintaining this code and B) Do you think he will ever release a newer version of it. If either A or B is true we should probably do it on a vendor branch. > > > Included in the new DES code that I have (and in the old BTW) is > > > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > > > crypt(3) we are currently using. I would like to include this fcrypt.c > > > in libdes to reduce the number of libraries produced. > > > > That would make libdes GPL'ed. Sorry, I can't go for that... > > Nope. See above. This is Eric Young code. I see your copyright below, that looks like the README I just looked at with the first 10 or so lines trimmed off of it. As I state above unless the GPL has been removed from all parts of him distribution IMHO, but not legally expert opinion, it is still GPL'ed code. > > > Secure telnet and other bits of code will benefit from this move/merge. > > > > Makeing telnet and other bits of code GPL'ed :-(. > > > > > What say you? > > > > Stop the GPV (Gnu Public Virus or something like that) :-( > > :-) > Here is Eric's copyright - which applies to all code I want to import: See above... Also a note you might send to Eric, saying ``see file blah blah'' for a copyright is not a very good idea. That is why UCB put the copyright in every single file. > > ------------------------------8<--------------------------------------- > Copyright (C) 1995 Eric Young (eay@mincom.oz.au) > All rights reserved. > > This package is an DES implementation written by Eric Young (eay@mincom.oz.au). > The implementation was written so as to conform with MIT's libdes. > > This library is free for commercial and non-commercial use as long as > the following conditions are aheared to. The following conditions > apply to all code found in this distribution. > > Copyright remains Eric Young's, and as such any Copyright notices in > the code are not to be removed. > If this package is used in a product, Eric Young should be given attribution > as the author of that the SSL library. This can be in the form of a textual > message at program startup or in documentation (online or textual) provided > with the package. > > Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions > are met: > 1. Redistributions of source code must retain the copyright > notice, this list of conditions and the following disclaimer. > 2. Redistributions in binary form must reproduce the above copyright > notice, this list of conditions and the following disclaimer in the > documentation and/or other materials provided with the distribution. > 3. All advertising materials mentioning features or use of this software > must display the following acknowledgement: > This product includes software developed by Eric Young (eay@mincom.oz.au) > > THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND > ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY > OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > SUCH DAMAGE. > > The license and distribution terms for any publically available version or > derivative of this code cannot be changed. i.e. this code cannot simply be > copied and put under another distrubution license > [including the GNU Public License.] > > The reason behind this being stated in this direct manner is past > experience in code simply being copied and the attribution removed > from it and then being distributed as part of other packages. This > implementation was a non-trivial and unpaid effort. > ------------------------------8<--------------------------------------- > > M > -- > Mark Murray > 46 Harvey Rd, Claremont, Cape Town 7700, South Africa > +27 21 61-3768 GMT+0200 > -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506181907.MAA02177>