Legal Problem: md5 implementation
by Tom Callaway
Some of Fedora's packages are using an MD5 implementation which is under
a GPLv2/v3 incompatible license, specifically, the RSA implementation
which is under BSD with advertising.
You can look at this code here:
http://www.tux.org/pub/security/md5/md5.c
http://www.tux.org/pub/security/md5/md5.h
We've identified packages which are possibly using this implementation,
and all maintainers are on CC. Please take a moment to look at your
packages and check to see if this md5 implementation is used.
GeoIP
abiword
cinepaint
cook
dietlibc
dclib
fedora-ds-base
gammu
gnome-pilot-conduits
gnumeric
htdig
inn
isdn4k-utils
libosip
libosip2
mail-notification
mysql
ser
ssmtp
wv
xdelta
If your package is on this list, please email me back and let me know
once you've checked the md5 implementation. If it is the RSA
implementation, we're going to need to replace it (coreutils has a GPL
compatible implementation that should be a drop in). If your package is
not under GPL or LGPL, then there is no problem, and you can just email
me and let me know that.
Thanks in advance,
~spot
15 years, 8 months
DMTF schema distribution
by Dan Smith
Hi,
I'm working on a CIM provider package where we need to ship a version
(v2.16) of the DMTF CIM schema[1] in our package. The tog-pegasus
package does this already, but with a *very* old version (v2.9) that
does not include any of the virtualization models.
The DMTF schema files are not (AFAICT) released under any particular
license, but they do have this statement at the top-level:
// DMTF is a not-for-profit association of industry members
// dedicated to promoting enterprise and systems management and
// interoperability. DMTF specifications and documents may be
// reproduced for uses consistent with this purpose by members and
// non-members, provided that correct attribution is given.
I was planning to put a separate COPYING or LICENSE file in the
directory of the tarball/RPM containing the schema, highlighting the
above and making it clear that the schema was not covered under the
LGPL license of the package.
I would like some advice on how to proceed.
Thanks!
1: http://www.dmtf.org/standards/cim/cim_schema_v216/
--
Dan Smith
IBM Linux Technology Center
Open Hypervisor Team
email: danms(a)us.ibm.com
15 years, 9 months
Encryption Export Control Documentation
by Michael Stone
Dear Fedora-Legal:
My name is Michael Stone and I'm providing tech support for OLPC's legal
team as they prepare a filing to request a 'mass-market product'
classification (ECCN 5D992) from the United States' Bureau of Industry
and Security. Specifically, I'm assisting them in filling out Supplement
No. 6 to part 742 of the Export Administration Regulations [1].
I'm writing to you because I'm wondering if Fedora has already prepared
technical documentation (e.g. lists of algorithms, keyspaces, API
documentation, etc.) that can be re-used as a part of OLPC's filing. If
so, any pointers to these documents would be much appreciated.
Thanks!
Michael
[1] Sup. 6, 742 EAR: http://www.bis.doc.gov/encryption/sup6_742.pdf
15 years, 9 months
POSIX licence
by Ding Yi Chen
Hi,
The man-pages-it has following copyright (POSIX-COPYRIGHT):
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.
In the following statement, the phrase ``this text'' refers to
portions of the system documentation.
Portions of this text are reprinted and reproduced in electronic form
in the linux-manpages package, from IEEE Std 1003.1 (TM), 2003 Edition,
Standard for Information Technology -- Portable Operating System
Interface (POSIX (R)), The Open Group Base Specifications Issue 6,
Copyright (C) 2001-2003 by the Institute of Electrical and Electronics
Engineers, Inc and The Open Group. In the event of any discrepancy
between these versions and the original IEEE and The Open Group
Standard, the original IEEE and The Open Group Standard is the referee
document. The original Standard can be obtained online at
http://www.opengroup.org/unix/online.html .
This notice shall appear on any product containing this material.
Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.
==============================================================
Shall we consider this licence free?
Regards,
Di ng-Yi Chen
15 years, 9 months
DJB's software components
by Tom Callaway
Recently, most (all?) of Dan Bernstein's software was relicensed into
the public domain.
Please hold off on packaging and submitting these packages for review
into Fedora, pending legal advice as to whether he can actually do that
or not, under US law.
Thanks,
~spot
15 years, 9 months
