Re: [PATCH] RSA license removal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 2/3/07, Bob Relyea <rrelyea@xxxxxxxxxx> wrote:
Actually I'm using Mozilla versions of these files. Mozilla went through
the work to get these from RSA under the tri-License. It's the only
source of PKCS #11 headers I would trust to be licensed under GPL or LGPL.

OK... As it suits you.
Mozilla license is incompatible with LGPL...
Just taking the files from there does not make you OK.
There was a discussion regarding this issue in the past, and they
simply choose to ignore the problem...

Please notice that they have:
* Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
* is granted provided that it is identified as "RSA Security In.c Public-Key
* Cryptography Standards (PKCS)" in all material mentioning or referencing
* this document.

And do not propegate it to their copyright. You removed this...

I'm rather worried about an outside implementation. If the PKCS #11
headers you have were derived from the spec, then they are derived from
RSA copy written material and would suffer from the attribute clause
(they become derived works).... even if an explicit RSA copy write is
not in the headers themselves.

We had a long discussion on this issue.
I could not find the first message...
But the copyright of a book is a different than the copyright of a

So in order to be on the safe side rewrite the source from the book
seems a good solution.

Because of License. Mozilla got permission from the copywrite holder to
release those headers under the mozilla tri-license.

But you don't distribute your files under this license... I am confused.

In practice I don't think is out to sue people who use PKCS #11, but I
have to maintain a pretty clean license pedigree, and I know that the
pkcs11 header files in mozilla have been appropriately vetted.

As you wish...
But all OpenSC projects, and dependencies (OpenVPN, OpenSSH,
gnupg-pkcs11-scd, qca-pkcs11), scute are using the open source PKCS#11
A lot of time and effort have been invested to reach a stable none rsa
copyright/derived work sources.

I recommend to use it in this project as well.

At the end it is your decision... But if you choose to use derived
work of RSA Security, you must modify your license.

I think my patch shown that it the incompatibility was on your side,
adding none standard structure to C_Initialize, other than that all
was supported.

Best Regards,
Alon Bar-Lev.

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux