[Fedora-legal-list] CDDL in system library

libxcrypt contains some code from OpenSolaris to implement their password hashing. It's licensed under the CDDL: /* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2003 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ The rest of the library is a combination of 3-clause BSD, 2-clause BSD (ISC), LGPLv2+, CC0 or a public domain dedication, Applications do not link to this code directly, but they will use it automatically if needed, e.g. if /etc/shadow contains passwords hashed in this way. Is this a problem? I think we could patch libxcrypt to remove support at run-time if necessary, with little practical impact. Thanks, Florian