On 06/28/2018 05:53 PM, Tom Callaway wrote:
On 06/27/2018 01:09 PM, Severin Gehwolf wrote:
Hi,
I'm reviewing OpenJDK and licensecheck pointed me at:
http://hg.openjdk.java.net/jdk/jdk/file/cf09f0b56efd/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11.h
to be NTP. Is "NTP" this license?
https://opensource.org/licenses/NTP
If that's the case, why isn't it listed in the "Good Licenses" list here?
https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
What's the license of the above file?
Teasing this apart:
1, The "NTP" license is just the MIT license, which is why we do not
have "NTP" in our Good License list.
2. That file (pkcs11) is not under the NTP variant of the MIT license.
It could be argued that it is a variant of the NTP variant of the MIT
license... but that road leads to madness, and since the SPDX model
frowns upon the ideas of variants... The wording is unique enough to
merit adding it as a new license for the list, so I have done so,
calling it "RSA".
So just swap "RSA" for NTP in that OpenJDK license list.
I believe the declaration of this license as GPL-compatible is
inconsistent with this:
https://fedoraproject.org/wiki/Licensing:FAQ#What_about_the_RSA_license_on_their_MD5_implementation.3F_Isn.27t_that_GPL-incompatible.3F
The license text in the RFC is this:
“
License to copy and use this software is granted provided that it is
identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm"
in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that
such works are identified as "derived from the RSA Data Security, Inc.
MD5 Message-Digest Algorithm" in all material mentioning or referencing
the derived work.
RSA Data Security, Inc. makes no representations concerning either the
merchantability of this software or the suitability of this software for
any particular purpose. It is provided "as is" without express or
implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
”
In the header file, it reads:
“
License to copy and use this software is granted provided that it is
identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
(Cryptoki)" in all material mentioning or referencing this software.
License is also granted to make and use derivative works provided that
such works are identified as "derived from the RSA Security Inc. PKCS
#11 Cryptographic Token Interface (Cryptoki)" in all material mentioning
or referencing the derived work.
RSA Security Inc. makes no representations concerning either the
merchantability of this software or the suitability of this software for
any particular purpose. It is provided "as is" without express or
implied warranty of any kind.
”
RSA's waiver mentioned in the FAQ only applies to the MD
implementations, not other code that has been published under this license.
Thanks,
Florian
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx/message/XDR6SDC4JEPDY4CGT4AI5MTI6KV46PQA/