[Fedora-legal-list] Re: Legal Problem: md5 implementation
enrico.scholz at informatik.tu-chemnitz.de
Tue Sep 18 16:16:25 UTC 2007
"Tom \"spot\" Callaway" <tcallawa at redhat.com> writes:
> On Tue, 2007-09-18 at 09:36 -0400, Tom "spot" Callaway wrote:
>> HOWEVER: RSA did make an MD5 implementation, which is under their
>> license (a BSD with advertising style license). If your code is using
>> that implementation, we need to replace it with an MD5 implementation
>> that is under a GPL compatible license.
> To clarify:
> Originally, the RSA MD5 implementation was released as public domain
> code. At some point, RSA slapped BSD with advertising on that code.
Sure? I think it was:
* 1992, RSA added reference C code with BSD + advertising clause to RFC
* 2000, RSA changed license to allow usage of "the reference C code ...
without license from RSA for any purpose"
So, since 2000 the reference C code is dual-licensed (BSD w/ adv and
> If the RSA md5 implementation has this license text in it:
> "License to copy and use this software is granted provided that it
> Then, it is under the BSD with advertising style license, and we need
> to replace that code (since we cannot legally relicense it).
It should be enough to remove this license text (which is allowed since
2000) to make it GPL compatible. Or, to make it legally perfect, remove
the old code, take recent version of RFC 1321, copy reference code from
it and remove the license text.
More information about the legal