On Tue, 2007-09-18 at 09:36 -0400, Tom "spot" Callaway wrote: > HOWEVER: RSA did make an MD5 implementation, which is under their > license (a BSD with advertising style license). If your code is using > that implementation, we need to replace it with an MD5 implementation > that is under a GPL compatible license. To clarify: Originally, the RSA MD5 implementation was released as public domain code. At some point, RSA slapped BSD with advertising on that code. If the RSA md5 implementation has this license text in it: "License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function." Then, it is under the BSD with advertising style license, and we need to replace that code (since we cannot legally relicense it). If for some reason, the RSA MD5 implementation does not have that license text, it can be interpreted as being in the public domain from the original release, and you do not need to replace it. This is tricky, because reverting to the public domain code would be the same as simply removing the license, and we cannot do that. ~spot _______________________________________________ Fedora-legal-list mailing list Fedora-legal-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legal-list
