On Mon, 2004-11-08 at 20:44, Damien Miller wrote: > Jos Vos wrote: > > On Tue, Nov 09, 2004 at 07:23:44AM +1100, Damien Miller wrote: [snip] > > They do the same for "xmms", for example, to eliminate MP3 support > > *and also not ship MP3 source code*, due to possible legal issues. > > Then they should also chop RC4 out of OpenSSL, OpenSSH and anything else > that implements it because its legal status is near identical. Care to provide the details and perhaps post it to fedora-legal as well? I only ask, because my <stupidsmirk>keen google skills</stupidsmirk> have only turned up that RC4 is *not* patented by RSA, but only trademarked as well as a trade secret. There was apparently someone who posted RC4 equivalent code to Usenet.[1] RSA seemingly made no effort to squash it. Unlike patents, I believe you must endeavor to protect trade secrets and prevent and/or mitigate any exposure. RSA hasn't gone after anyone, nor would they likely have a case, except against the person who posted the code originally. And the code was not RSA copyrighted code, but what is usually called 'ARCFOUR' or 'Allegedly RC4' that is functionally equivalent. On the other hand, the MP3 situation is much clearer, (though still slightly murky). Thomson Multimedia's original website regarding the MP3 patents seemed to allow for free (GPL or otherwise) *decoders*, but only charge for *encoders*. That changed when Thomson changed their website (allegedly to 'clarify' the license, not change -- what bunk) that indicated that they did not want to allow for free decoders. Even though I'm not a lawyer, that's Big Red Flag(TM) in my book. So although the RC4 question isn't 100% clear to me, it is absolutely not nearly identical. The cases are quite different. [1] http://www.infosyssec.org/infosyssec/cryptalgorithms.html -- -Paul Iadonisi Senior System Administrator Red Hat Certified Engineer / Local Linux Lobbyist Ever see a penguin fly? -- Try Linux. GPL all the way: Sell services, don't lease secrets
