(forw) Question about RSA licence

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

(forw) Question about RSA licence

Eric Dorland
Hello,

Ludovic Rousseau sent a mail to me, and the debian-legal list about
license problems with OpenSC. It seems there are header files that are
not licensed under the LGPL and are licensed under some RSA
license. The thread is here:
http://lists.debian.org/debian-legal/2005/09/msg00537.html. There
seems to be conflict between the LGPL and this RSA license (please see
the thread). Do you guys have any thoughts on this? Is it possible to
resolve?

--
Eric Dorland <[hidden email]>
ICQ: #61138586, Jabber: [hidden email]
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------

Hello, please Cc: me on replies,

The opensc package includes rsaref headers [0] from RSA. The RSA disclaimer has
been
added in a new upstream version [1] and should be included in a next Debian
opensc package.

The RSA disclaimer is [2]:

 " Regarding the header / include files:

    License to copy and use this software is granted provided that it is
identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
(Cryptoki)" in all material mentioning or referencing this software or this
function.

    License is also granted to make and use derivative works provided that such
works are identified as "derived from the RSA Security Inc. PKCS #11
Cryptographic Token Interface (Cryptoki)" in all material mentioning or
referencing the derived work.

    This software is provided �AS IS� and RSA Security, Inc. disclaims all
warranties including but not limited to the implied warranty of
merchantability, fitness for a particular purpose, and noninfringement. "

I found a reference to a similar licence in [3] about the md5 implementation
from RSA. But I did not find an explanation about if or why it was non-free.

My questions:
- is this licence DFSG compliant? I would say yes but the (re)distribution right
is not explicitely given.

- is this licence GPL compatible? I would say no since it has the same problem
than the original BSD licence [4].

Thanks,

[0] http://www.rsasecurity.com/rsalabs/node.asp?id=2133
[1] http://www.opensc.org/opensc/browser/trunk/src/pkcs11/rsaref/
[2] http://www.rsasecurity.com/rsalabs/node.asp?id=2133#disclaimer
[3] http://lists.debian.org/debian-legal/2005/02/msg00110.html
[4] http://www.fsf.org/licensing/licenses/index_html#OriginalBSD

--
Ludovic Rousseau                           [hidden email]
-- Normaliser Unix c'est comme pasteuriser le Camembert, L.R. --

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: (forw) Question about RSA licence

Andreas Jellinghaus-2
Hi Eric,

first: don't worry about applications like gpgsm that might
link with opensc - to be exact: libopensc1. those are not
affected, since the header is only used for opensc-pkcs11.so,
and any application using the pkcs#11 interface already
has the same license used on it's side of the interface.

second: good news! mozilla has those header files under
lgpl/mpl/gpl! bad news! they have an additional clause:

 * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
 * is granted provided that it is identified as "RSA Security In.c Public-Key
 * Cryptography Standards (PKCS)" in all material mentioning or referencing
 * this document.

I mailed debian-legal about that, too, so we can wait
what the experts think of it.

I'm not sure if switching the header files will do any good, since
the one clause that causes problems is in both versions. also the mozilla
version seems to be older (v2.0 or v2.11 with some v2.20 api definitions,
versus current real v2.20 header files).

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel