On 2/3/07, Bob Relyea <rrelyea@xxxxxxxxxx> wrote:
Actually I'm using Mozilla versions of these files. Mozilla went through the work to get these from RSA under the tri-License. It's the only source of PKCS #11 headers I would trust to be licensed under GPL or LGPL.
OK... As it suits you. Mozilla license is incompatible with LGPL... Just taking the files from there does not make you OK. There was a discussion regarding this issue in the past, and they simply choose to ignore the problem... Please notice that they have: * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document * is granted provided that it is identified as "RSA Security In.c Public-Key * Cryptography Standards (PKCS)" in all material mentioning or referencing * this document. And do not propegate it to their copyright. You removed this...
I'm rather worried about an outside implementation. If the PKCS #11 headers you have were derived from the spec, then they are derived from RSA copy written material and would suffer from the attribute clause (they become derived works).... even if an explicit RSA copy write is not in the headers themselves.
We had a long discussion on this issue. http://www.mail-archive.com/opensc-devel%40lists.opensc-project.org/msg01151.html I could not find the first message... But the copyright of a book is a different than the copyright of a program/source. So in order to be on the safe side rewrite the source from the book seems a good solution.
Because of License. Mozilla got permission from the copywrite holder to release those headers under the mozilla tri-license.
But you don't distribute your files under this license... I am confused.
In practice I don't think is out to sue people who use PKCS #11, but I have to maintain a pretty clean license pedigree, and I know that the pkcs11 header files in mozilla have been appropriately vetted.
As you wish... But all OpenSC projects, and dependencies (OpenVPN, OpenSSH, gnupg-pkcs11-scd, qca-pkcs11), scute are using the open source PKCS#11 rewrite. A lot of time and effort have been invested to reach a stable none rsa copyright/derived work sources. I recommend to use it in this project as well. At the end it is your decision... But if you choose to use derived work of RSA Security, you must modify your license. I think my patch shown that it the incompatibility was on your side, adding none standard structure to C_Initialize, other than that all was supported. Best Regards, Alon Bar-Lev. _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
