Some of Fedora's packages are using an MD5 implementation which is under a GPLv2/v3 incompatible license, specifically, the RSA implementation which is under BSD with advertising. You can look at this code here: http://www.tux.org/pub/security/md5/md5.c http://www.tux.org/pub/security/md5/md5.h We've identified packages which are possibly using this implementation, and all maintainers are on CC. Please take a moment to look at your packages and check to see if this md5 implementation is used. GeoIP abiword cinepaint cook dietlibc dclib fedora-ds-base gammu gnome-pilot-conduits gnumeric htdig inn isdn4k-utils libosip libosip2 mail-notification mysql ser ssmtp wv xdelta If your package is on this list, please email me back and let me know once you've checked the md5 implementation. If it is the RSA implementation, we're going to need to replace it (coreutils has a GPL compatible implementation that should be a drop in). If your package is not under GPL or LGPL, then there is no problem, and you can just email me and let me know that. Thanks in advance, ~spot _______________________________________________ Fedora-legal-list mailing list Fedora-legal-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legal-list
