On Wed, Nov 10, 2010 at 06:27:36PM -0800, Julius Davies wrote: > What got me excited was the "All Rights Reserved" which strikes me as > profoundly incompatible with any open source license. "All rights reserved" is commonly used in copyright notices even in FLOSS or (I guess a lot less commonly) open content settings, largely for historical reasons. Today, except in some fairly unusual fact patterns (which I always forget, but I think one of them involves things published in the Dominican Republic), it is superfluous. I don't like it in a FLOSS/open content setting in particular because has the appearance of being contradictory, though it really isn't. (Sometimes "all rights reserved" is used to signal that an ordinary default understanding of free licensing is not applicable. But I'm sure that wasn't the case here.) I advise Red Hat developers not to use "all rights reserved", but they don't always listen to me. :) > Maybe LICENSE.TXT trumps the "All Rights Reserved" since the "All > Rights Reserved" is such a common mistake in open source copyright > statements? It's not really a mistake. In the DES.java file you provided, it seemed to me that the copyright notices with "all rights reserved" indicated that the copyright holder was acting "on behalf of" the Cryptix project (which itself is strange, but that's a whole nother issue). To me that suggests that those copyright holders assumed that the license of the Cryptix project would apply to their contributions. So LICENSE.TXT helps you give a reasonable interpretation to those copyright notices. It's an art, not a science. :-) > And then the BSD4 clauses in this case trump the > LICENSE.TXT ? Yes, but that's because we're dealing with what we can assume is an atomic unit of source code and the only way to make sense of the mix of licenses is to assume that a licensee must comply with the most restrictive license applying to some or all of the code as well as less restrictive ones. - RF > > > > > On Wed, Nov 10, 2010 at 6:13 PM, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > On Wed, Nov 10, 2010 at 05:07:40PM -0800, Julius Davies wrote: > >> Cryptix32 is a very old java project. I think development stopped > >> back in 2000. Nonetheless it's a real challenge for our license > >> detection tools. I'm curious what you guys think, but don't waste > >> time on it if you're busy. Here is the source file that's tripping up > >> our tool. I've also included the project LICENSE.TXT for reference: > >> > >> http://juliusdavies.ca/cryptix-3.2.0/src/cryptix/provider/cipher/DES.java > >> > >> http://juliusdavies.ca/cryptix-3.2.0/LICENCE.TXT > >> > >> > >> At the very bottom of the DES.java file I see a variation of BSD4 > >> appearing for two different copyright holders (1995 and 1996), > >> although it's missing the "non-endorsement" clause. > >> > >> Meanwhile interspersed in the code I see "Copyright 1997 All Rights > >> Reserved" with no license and with again different copyright holders. > >> > >> Finally, the "LICENSE.TXT" that the project ships is BSD2 and shows > >> yet again another copyright holder. > >> > >> > >> > >> If I go by Spot's "cascading licensing rules" tips on the wiki, I > >> guess I would conclude it is the least open-source-compatible license > >> possible, since 1997 is the latest date in the source file! > >> > >> > >> 1997 - All Rights Reserved > >> > >> > >> > >> And yet all these mixed messages make me suspect the license is truly > >> BSD2 as specified in LICENSE.TXT, just poorly specified. So I have > >> three academic questions for the experts: > >> > >> > >> 1. Without contacting the copyright holders, what would you conclude? > >> BSD4 without non-endorsement? Or BSD2? Or just "All rights > >> reserved" ? > > > > I don't think this one is as cryptic (pardon the pun) as you're > > suggesting. I'd conclude (just based on this one source file and the > > LICENSE.TXT file you've provided) that what we have is a mixture of > > different permissive licenses, with the most restrictive ones being > > the Eric Young-type licenses at the end (which might be notated BSD4 > > in Fedora convention, I'm not sure, though as you note it's not > > exactly the same as the classic 4-clause BSD license). It seems > > reasonable to assume that the named copyright holders in the file that > > don't state a license intended to apply the license of the Cryptix > > project, based on how those copyright notices are worded. > > > >> 2. Is this the kind of situation where contacting the copyright > >> holders for clarification is necessary? > > > > I wouldn't consider this case to be one of the ones that require such > > clarification. > > > >> 3. And, hypothetical question, what if contacting the copyright > >> holders was impossible? > > > > In this case, or generally? In this case I don't think it's a real > > problem. > > > > - RF > > > > > > -- > yours, > > Julius Davies > 250-592-2284 (Home) > > $ sudo apt-get install cowsay > $ echo "Moo." | cowsay | cowsay -n | cowsay -n > http://juliusdavies.ca/cowsay/ _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/legal
