On Mon, 2018-07-02 at 11:06 -0400, Tom Callaway wrote: > > On 06/28/2018 01:47 PM, Florian Weimer wrote: > > > > I believe the declaration of this license as GPL-compatible is > > inconsistent with this: > You're correct. The "RSA" license in that copy of pkcs11.h [1] is > possibly GPL-incompatible. I'm going to remove the assertion from the > Fedora licensing list that it is compatible and leave it as unclear. > > However, it looks like RSA handed pkcs11 over to OASIS in 2012, and > OASIS released new versions of those headers in 2016. > > http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/ > > Those headers are not under the RSA license, they're under a different > license: > > Distributed under the terms of the OASIS IPR Policy, > [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT > ANY IMPLIED OR EXPRESS WARRANTY; there is no warranty of > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE or NONINFRINGEMENT > of the rights of others. > > Which is clear as mud, but I believe this is the license: > > Copyright © OASIS Open 2016. All Rights Reserved. > > All capitalized terms in the following text have the meanings assigned > to them in the OASIS Intellectual Property Rights Policy (the "OASIS > IPR Policy"). The full Policy may be found at the OASIS website: > [http://www.oasis-open.org/policies-guidelines/ipr] > > This document and translations of it may be copied and furnished to > others, and derivative works that comment on or otherwise explain it > or assist in its implementation may be prepared, copied, published, > and distributed, in whole or in part, without restriction of any kind, > provided that the above copyright notice and this section are included > on all such copies and derivative works. However, this document itself > may not be modified in any way, including by removing the copyright > notice or references to OASIS, except as needed for the purpose of > developing any document or deliverable produced by an OASIS Technical > Committee (in which case the rules applicable to copyrights, as set > forth in the OASIS IPR Policy, must be followed) or as required to > translate it into languages other than English. > > The limited permissions granted above are perpetual and will not be > revoked by OASIS or its successors or assigns. > > This document and the information contained herein is provided on an > "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, > INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE > INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY > IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR > PURPOSE. OASIS AND ITS MEMBERS WILL NOT BE LIABLE FOR ANY DIRECT, > INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF > THIS DOCUMENT OR ANY PART THEREOF. > > ***** > > That OASIS license is non-free, because it has restrictions on > modification. Which means that using these newer files is not an option. > > Assuming that the pkcs11 headers (under the old RSA license) are > GPL-incompatible, due to the "advertising" clause, and that this is a > problem, the potential resolutions I can see are: > > 1) Since OASIS was given the copyright to the pkcs11 headers from RSA, > they could waive the "advertising" clause in the old headers, which > would make them clearly GPL-compatible. > > 2) OASIS could modify their IPR to make it clear that software released > by OASIS is not subject to the restrictions on modification that their > standards documents are. (My gut is that this is unlikely.) > > 3) The OASIS PKCS 11 Technical Committee could re-release the headers > (any version) under a known Open Source license. See: > https://www.oasis-open.org/resources/open-repositories/licenses > > I've CC'd Robert Relyea here, as he is listed as a chair of that > committee. Robert, if you can assist us here, it would be greatly > appreciated. There is another implementation at e.g. https://github.com/p11-glue/p11-kit/blob/master/common/pkcs11.h I don't know how clean a reimplementation that is, from the copyright point of view. It says: /* This file is a modified implementation of the PKCS #11 standard by OASIS group. It is mostly a drop-in replacement, with the following change: ... I believe it came from libp11. It was introduced there in a commit entitled "replace rsa header files with rewrite": https://github.com/OpenSC/libp11/commit/af542d4bb621af2fe3ae6fdd20479ad04473e1bc ... which would tend to suggest that it was intended to be a cleanly- licensed reimplementation.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx/message/Q4FUIP2RGB5M54K5S3VXEFDNIRLK5Y46/
