On Mon, Oct 03, 2016 at 10:18:56PM +0200, Andreas Pretzsch wrote:
> While updating the license stuff in a customer BSP, libmd hit me.
> 
> libmd provides MD2, MD4, MD5, SHA-1 and RIPEMD-160 message digest
> algorithms.
> Each of the respective implementations includes different license
> statements, with wrappers under beer-ware license.
> Copied them in below, for reference.
> 
> The ptxdist rule file does not specify a license. Well, no surprise.
> Question would be how to handle this.
> 
> One option is of course to simply ignore it, i.e. not use it ;-)
> As of now, in ptxdist I see ntp pulling it in, for MD5. But it has its
> own implementation, so...
> Also, libarchive would be willing to take it, but prefers
> OpenSSL/libcrypto, as being more complete. Also no dependency in ptxdist
> here.
> Maybe other packages would take it, too, didn't check.
> 
> Now, as I have this can of worms open anyway, what would be the best way
> to specify a license tag?
> I only see providing ptxdist patches to copy out the license headers to
> files, and referring to them in LIBMD_LICENSE_FILES.
> In addition to a list in LIBMD_LICENSE. Like "RSA (MD2, MD4) ;
> public-domain (MD5) ; unknown (RIPEMD160) ; public-domain (SHA-1) ;
> beer-ware (ALL)", or similar.
> 
> Probably one has to go even further (to avoid the RSA attribution
> clauses) and provide options for MD2 and MD4.
> 
> But before investing the time: Does anybody care?

In this case, I'd say, let's just move the package to staging and not use
it at all. As I noted in my other mail, even ntp is not using it any more,
so it is no longer needed.

Michael

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
