Legal Problem: md5 implementation
by Tom Callaway
Some of Fedora's packages are using an MD5 implementation which is under
a GPLv2/v3 incompatible license, specifically, the RSA implementation
which is under BSD with advertising.
You can look at this code here:
http://www.tux.org/pub/security/md5/md5.c
http://www.tux.org/pub/security/md5/md5.h
We've identified packages which are possibly using this implementation,
and all maintainers are on CC. Please take a moment to look at your
packages and check to see if this md5 implementation is used.
GeoIP
abiword
cinepaint
cook
dietlibc
dclib
fedora-ds-base
gammu
gnome-pilot-conduits
gnumeric
htdig
inn
isdn4k-utils
libosip
libosip2
mail-notification
mysql
ser
ssmtp
wv
xdelta
If your package is on this list, please email me back and let me know
once you've checked the md5 implementation. If it is the RSA
implementation, we're going to need to replace it (coreutils has a GPL
compatible implementation that should be a drop in). If your package is
not under GPL or LGPL, then there is no problem, and you can just email
me and let me know that.
Thanks in advance,
~spot
15 years, 11 months
- 6
- 22
non-English licenses
by Jens-Ulrik Petersen
Hi,
I want to ask what to do for potential new content (packages) with a
license written in a language other than English?
I am asking since I am currently looking at a potential Japanese font to
submit for review but it only has Japanese documentation with it. I can
try to ask the maintainer but I wanted to ask for guidance since I guess
this problem will happen increasingly.
Jens
16 years, 1 month
- 1
- 0
- ← Newer
- 1
- Older →