[Fedora-legal-list] Legal Problem: md5 implementation
Tom "spot" Callaway
tcallawa at redhat.com
Mon Sep 17 20:30:10 UTC 2007
Some of Fedora's packages are using an MD5 implementation which is under
a GPLv2/v3 incompatible license, specifically, the RSA implementation
which is under BSD with advertising.
You can look at this code here:
http://www.tux.org/pub/security/md5/md5.c
http://www.tux.org/pub/security/md5/md5.h
We've identified packages which are possibly using this implementation,
and all maintainers are on CC. Please take a moment to look at your
packages and check to see if this md5 implementation is used.
GeoIP
abiword
cinepaint
cook
dietlibc
dclib
fedora-ds-base
gammu
gnome-pilot-conduits
gnumeric
htdig
inn
isdn4k-utils
libosip
libosip2
mail-notification
mysql
ser
ssmtp
wv
xdelta
If your package is on this list, please email me back and let me know
once you've checked the md5 implementation. If it is the RSA
implementation, we're going to need to replace it (coreutils has a GPL
compatible implementation that should be a drop in). If your package is
not under GPL or LGPL, then there is no problem, and you can just email
me and let me know that.
Thanks in advance,
~spot
More information about the legal
mailing list