[Fedora-legal-list] a java license puzzler (not a fedora package though)

Richard Fontana rfontana at redhat.com
Thu Nov 11 02:13:24 UTC 2010 

On Wed, Nov 10, 2010 at 05:07:40PM -0800, Julius Davies wrote:
> Cryptix32 is a very old java project.  I think development stopped
> back in 2000.  Nonetheless it's a real challenge for our license
> detection tools.  I'm curious what you guys think, but don't waste
> time on it if you're busy.  Here is the source file that's tripping up
> our tool.  I've also included the project LICENSE.TXT for reference:
> 
> http://juliusdavies.ca/cryptix-3.2.0/src/cryptix/provider/cipher/DES.java
> 
> http://juliusdavies.ca/cryptix-3.2.0/LICENCE.TXT
> 
> 
> At the very bottom of the DES.java file I see a variation of BSD4
> appearing for two different copyright holders (1995 and 1996),
> although it's missing the "non-endorsement" clause.
> 
> Meanwhile interspersed in the code I see "Copyright 1997 All Rights
> Reserved" with no license and with again different copyright holders.
> 
> Finally, the "LICENSE.TXT" that the project ships is BSD2 and shows
> yet again another copyright holder.
> 
> 
> 
> If I go by Spot's "cascading licensing rules" tips on the wiki, I
> guess I would conclude it is the least open-source-compatible license
> possible, since 1997 is the latest date in the source file!
> 
> 
> 1997 - All Rights Reserved
> 
> 
> 
> And yet all these mixed messages make me suspect the license is truly
> BSD2 as specified in LICENSE.TXT, just poorly specified.  So I have
> three academic questions for the experts:
> 
> 
> 1.  Without contacting the copyright holders, what would you conclude?
>  BSD4 without non-endorsement?   Or BSD2?   Or just "All rights
> reserved" ?

I don't think this one is as cryptic (pardon the pun) as you're
suggesting. I'd conclude (just based on this one source file and the
LICENSE.TXT file you've provided) that what we have is a mixture of
different permissive licenses, with the most restrictive ones being
the Eric Young-type licenses at the end (which might be notated BSD4
in Fedora convention, I'm not sure, though as you note it's not
exactly the same as the classic 4-clause BSD license).  It seems
reasonable to assume that the named copyright holders in the file that
don't state a license intended to apply the license of the Cryptix
project, based on how those copyright notices are worded.

> 2.  Is this the kind of situation where contacting the copyright
> holders for clarification is necessary?

I wouldn't consider this case to be one of the ones that require such
clarification.
 
> 3.  And, hypothetical question, what if contacting the copyright
> holders was impossible?

In this case, or generally? In this case I don't think it's a real
problem.

 - RF

More information about the legal mailing list