Hello, After some more background information gathering and digging the facts and looking at binaries, here's a small update with my observations:
1. There are two different eID cards in Spain, not to be mixed! - older card, Ceres, issued by the Spanish Mint, http://www.cert.fnmt.es/ - newer card, DNIe, issued by the Spanish Police, http://www.dnielectronico.es/ 2. The software for two cards is "different", with different name and different version for the binaries. mrtn:Downloads martin$ ls -l opensc-dnie/Library/OpenSC/lib/libopensc-dnie.dylib lrwxr-xr-x 1 martin staff 26 Mar 27 20:33 opensc-dnie/Library/OpenSC/lib/libopensc-dnie.dylib -> libopensc-dnie.1.0.3.dylib mrtn:Downloads martin$ ls -l opensc-ceres/Library/OpenSC/lib/libopensc-ceres.dylib lrwxr-xr-x 1 martin staff 27 Mar 25 11:45 opensc-ceres/Library/OpenSC/lib/libopensc-ceres.dylib -> libopensc-ceres.1.1.0.dylib 3. But the software is probably done by the same company, or at least has common roots, as the symbols used in both binaries are similar or overlap and there are other similarities that point to the same source. 3a. Who wrote the software is not relevant from LGPL point of view. 3b. Important reminder: the goal is to get the source code to integrate it into the real open source version of OpenSC, not to accuse anyone of forgetting to release the source code or not demanding it from the recipient of the software (government) 4. libopensc-ceres.1.1.0.dylib exports three symbols that exists in the original libopensc, as created by official source code: mrtn:Downloads martin$ for sym in $(cat ceres-exports.txt); do grep $sym opensc-symbols.txt; done 00022ffb T _sc_pkcs15_compute_signature 0001d1f8 T _sc_pkcs15_free_data_info 0001d1d2 T _sc_pkcs15_free_data_object (the list of exported symbols comes with "nm -g file.dylib | grep ' T '") 4a. DNI software does not export any symbols from libopensc 5. The two softwares are similar in nature. The implementations share 67 symbols. 6. Both softwares implement functions that start with sc_ which is not forbidden per se but raises suspicion as this is the naming style of OpenSC. Probably any similarities to OpenSC source code can only be checked by auditing source code. Conclusions: 1. there is IMHO enough reason for asking clarification. 2. Two e-mails should be sent, one to fnmt.es, one to dnielectronico.es. 3. Pretty good evidence exists that the Ceres software is mixing OpenSC code and modified code what sould be enough grounds for the request. My observations about the similarities of the two software gives a reason to ask the same questions from the distributor from DNIe software. This needs to be verified by a lawyer, but AFAIK if we can demonstrate that Ceres software includes LGPL source code, we can request the source code for that software to be released under LGPL. And if there is reason to expect that DNIe and Ceres software share source code as well (what IMHO is the case), release of DNIe source code can be requested under LGPL as well. So my initial assessment was a little bit hasty but not 100% incorrect. There's still grounds for the "official request" but just with a little bit milder tone than for cartaodocidadao.pt ;) In addition to strictly legal and technical aspects of LGPL there is also the political and philosophical question of how things as important as national identity cards are managed by governments ant marketed to citizens. Comments most welcome, -- Martin Paljak http://martin.paljak.pri.ee +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
