Control: severity -1 normal
On Thu, 1 Apr 2021 23:48:51 +0200 Timo Röhling <t...@gaussglocke.de> wrote:
On Tue, 23 Mar 2021 00:44:07 +0100 Bastian Germann <bastiangerm...@fishpost.de>
wrote:
> As far as I can see, the license for NSS's PKCS#11 headers is MPL 2.0
> (DFSG-free) and not the OASIS IPR.
Well, I can see from the discussion you linked that the OASIS IPR
license is intended to apply to their work products, and not the shared
code. And they do have separate rules for their open repositories, which
default to BSD-3-Clause license unless stated otherwise [1].
However, the PKCS#11 repository [2] is not in the linked "oasis-open"
namespace on Github, there is an explicit reference to the IPR
license in that repository.
As for the MPL 2.0 license, the Mozilla upstream added that to their
version of the headers after stating that bug 1618918 had clarified the
situation, but I can't seem to access that bug [3].
Cheers
Timo
[1] https://www.oasis-open.org/open-repositories/#licensingRules
[2] https://github.com/oasis-tcs/pkcs11
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1618918
The nss PKCS#11 files have a different provenance from the OASIS ones. If Mozilla decides to license
them as MPL 2.0, that is their choice. They have a legal department who was involved and decided
they go this way. The point is, the license of the files is not the OASIS one as suggested by the
bug submitter, so the bug is invalid. I do not think the license was OASIS in any of the public NSS
releases, even though it might have been in some patch submission.
