On 06/18/2018 03:56 AM, Florian Weimer wrote:
> libxcrypt contains some code from OpenSolaris to implement their
> password hashing. It's licensed under the CDDL:
>
> /*
>  * CDDL HEADER START
>  *
>  * The contents of this file are subject to the terms of the
>  * Common Development and Distribution License, Version 1.0 only
>  * (the "License"). You may not use this file except in compliance
>  * with the License.
>  *
>  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
>  * or http://www.opensolaris.org/os/licensing.
>  * See the License for the specific language governing permissions
>  * and limitations under the License.
>  *
>  * When distributing Covered Code, include this CDDL HEADER in each
>  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
>  * If applicable, add the following below this CDDL HEADER, with the
>  * fields enclosed by brackets "[]" replaced with your own identifying
>  * information: Portions Copyright [yyyy] [name of copyright owner]
>  *
>  * CDDL HEADER END
>  */
> /*
>  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
>  * Use is subject to license terms.
>  */
>
> The rest of the library is a combination of 3-clause BSD, 2-clause BSD
> (ISC), LGPLv2+, CC0 or a public domain dedication,
>
> Applications do not link to this code directly, but they will use it
> automatically if needed, e.g. if /etc/shadow contains passwords hashed
> in this way.
>
> Is this a problem? I think we could patch libxcrypt to remove support
> at run-time if necessary, with little practical impact.

Well, it is a problem for any consumer of libxcrypt that is GPL licensed. Since it seems quite a lot of things depend on libxcrypt in Fedora (and it also seems extremely unlikely that Fedora will ever need to support OpenSolaris password hashing), I would recommend that libxcrypt be patched to not include that code (a ./configure option that results in it not being compiled in the library should be sufficient).

hth,

~tom