On Wed, Nov 10, 2010 at 05:07:40PM -0800, Julius Davies wrote: > Cryptix32 is a very old java project. I think development stopped > back in 2000. Nonetheless it's a real challenge for our license > detection tools. I'm curious what you guys think, but don't waste > time on it if you're busy. Here is the source file that's tripping up > our tool. I've also included the project LICENSE.TXT for reference: > > http://juliusdavies.ca/cryptix-3.2.0/src/cryptix/provider/cipher/DES.java > > http://juliusdavies.ca/cryptix-3.2.0/LICENCE.TXT > > > At the very bottom of the DES.java file I see a variation of BSD4 > appearing for two different copyright holders (1995 and 1996), > although it's missing the "non-endorsement" clause. > > Meanwhile interspersed in the code I see "Copyright 1997 All Rights > Reserved" with no license and with again different copyright holders. > > Finally, the "LICENSE.TXT" that the project ships is BSD2 and shows > yet again another copyright holder. > > > > If I go by Spot's "cascading licensing rules" tips on the wiki, I > guess I would conclude it is the least open-source-compatible license > possible, since 1997 is the latest date in the source file! > > > 1997 - All Rights Reserved > > > > And yet all these mixed messages make me suspect the license is truly > BSD2 as specified in LICENSE.TXT, just poorly specified. So I have > three academic questions for the experts: > > > 1. Without contacting the copyright holders, what would you conclude? > BSD4 without non-endorsement? Or BSD2? Or just "All rights > reserved" ? I don't think this one is as cryptic (pardon the pun) as you're suggesting. I'd conclude (just based on this one source file and the LICENSE.TXT file you've provided) that what we have is a mixture of different permissive licenses, with the most restrictive ones being the Eric Young-type licenses at the end (which might be notated BSD4 in Fedora convention, I'm not sure, though as you note it's not exactly the same as the classic 4-clause BSD license). It seems reasonable to assume that the named copyright holders in the file that don't state a license intended to apply the license of the Cryptix project, based on how those copyright notices are worded. > 2. Is this the kind of situation where contacting the copyright > holders for clarification is necessary? I wouldn't consider this case to be one of the ones that require such clarification. > 3. And, hypothetical question, what if contacting the copyright > holders was impossible? In this case, or generally? In this case I don't think it's a real problem. - RF _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/legal