On 10/9/06, Tollef Fog Heen <[EMAIL PROTECTED]> wrote:
Hi, For those who don't know me, I'm one of the Debian Apache (and APR) maintainers. Some time ago, we received a bug report ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340538 , but bugs.d.o is down right now, mirror at http://url.err.no/hxnxhq ) about the MD4 and MD5 implementations in apr-util being non-free and possibly distributable. I took the liberty of replacing the MD4 and MD5 implementations in apr-util with the ones from dovecot (written originally by Solar Designer and put in the public domain). They took a bit of adaption to not break the ABI or change the API. The diff is attached and also available at http://err.no/patches/apr-util-md4-md5-licence-fix.diff As I have seen earlier that public domain in some cases if problematic due to not being recognised in all jurisdictions, I have sent Solar Designer a mail asking him to licence it under the ASL or a BSD licence as well as public domain. I'll follow up as soon as I have his answer.
Ok, since it seems like the RSA code's legal status is ambiguous at best, and nobody seems to object to Roy's suggestion of picking an implementation and going with it instead of jumping through legal hoops with RSA's lawyers, that seems like the best approach to me. I'm currently planning on going with the Solar Designer implementation (originally by Colin Plumb), because it covers both md4 and md5, while all the other acceptably licensed implementations are md5 only, and we need both. Looking through your patch I did have a few questions though: There seem to be numerous places where the xlate functionality is kinda weird. You have commented out some variable declarations, and while there are some calls to xlate remaining, it seems like there are considerably less than there used to be. Is this just unfinished? Similarly there is a comment in apr_md5.c that indicates that the xlate stuff isn't done, but I do see calls to xlate in there. What's the story on this? Second, you added comments to the effect that you modified the code for use in APR. That's not usually how things are done in APR, credit for contributors goes in the CHANGES file, not in the code itself. I'm also curious how large the modifications were, if it's substantial, we'll want to get a CLA on file for you if you don't have one already. Thanks for your work on this, and I'm sorry it's taken so long to get back to it. -garrett
