Re: Software license used for SHA-2 reference code
Simon Josefsson [EMAIL PROTECTED] writes: Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: 1.1 License Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. The authors have tweaked the license again, here is the new version: 1.1 Software License Permission is granted for all uses, commercial and non-commercial, of the sample code found in Section 8. Royalty free license to use, copy, modify and distribute the software found in Section 8 is granted, provided that this document is identified in all material mentioning or referencing this software, and provided that redistributed derivative works do not contain misleading author or version information. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. Do you see any loopholes in this that make it non-DFSG-free? Thanks, Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
On Wed, 8 Mar 2006, Simon Josefsson wrote: Simon Josefsson [EMAIL PROTECTED] writes: 1.1 Software License Permission is granted for all uses, commercial and non-commercial, of the sample code found in Section 8. Royalty free license to use, copy, modify and distribute the software found in Section 8 is granted, provided that this document is identified in all material mentioning or referencing this software, and provided that redistributed derivative works do not contain misleading author or version information. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. Do you see any loopholes in this that make it non-DFSG-free? A couple that I see. They are likely just loopholes that the copyright holder does not intend, but I'd love to see fixed. 1) identified in all material mentioning or referencing this software. Clearly this is outside the control of the licensee - some third party could mention or reference this software, causing you to violate the license. 2) do not contain misleading author or version information. This is a very wide net, and if such information is part of the api (so the license disallows spoofing), is non-free. This gets us into the weird situation where the work itself is free, but there are some modifications that are allowed by the license but would be non-free due to tripping a license provision. Aside from that, misleading is a vague term, which will be interpreted differently every time the question is asked. Also, what about pseudonymous modifications? -- Mark Rafn[EMAIL PROTECTED]http://www.dagon.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
Hi Simon, On Fri, Feb 17, 2006 at 10:22:32AM +0100, Simon Josefsson wrote: Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: 1.1 License Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. Is this DFSG-free? I'm sorry that I'm asking for licenses on a piece of work that is not targeted for inclusion into Debian at this point. However, I suspect that the reference code in this RFC will end up in several projects sooner or later. It is only now we have an opportunity to influence the license chosen. Please try to be conservative in proposing fixes to the license. The license grants permission to use, copy, create derivative works, and redistribute. The only stipulations are that the original author be credited, and derivative works be labeled; and there's a warranty disclaimer. I think this is clearly DFSG-compliant. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Software license used for SHA-2 reference code
Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: 1.1 License Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. Is this DFSG-free? I'm sorry that I'm asking for licenses on a piece of work that is not targeted for inclusion into Debian at this point. However, I suspect that the reference code in this RFC will end up in several projects sooner or later. It is only now we have an opportunity to influence the license chosen. Please try to be conservative in proposing fixes to the license. Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
Steve Langasek [EMAIL PROTECTED] writes: Hi Simon, On Fri, Feb 17, 2006 at 10:22:32AM +0100, Simon Josefsson wrote: Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: 1.1 License Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. The authors make no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. Is this DFSG-free? I'm sorry that I'm asking for licenses on a piece of work that is not targeted for inclusion into Debian at this point. However, I suspect that the reference code in this RFC will end up in several projects sooner or later. It is only now we have an opportunity to influence the license chosen. Please try to be conservative in proposing fixes to the license. The license grants permission to use, copy, create derivative works, and redistribute. The only stipulations are that the original author be credited, and derivative works be labeled; and there's a warranty disclaimer. I think this is clearly DFSG-compliant. Excellent, thanks Steve! FWIW, I agree that it is a free license. I've forwarded this to the original authors. /Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
Steve Langasek [EMAIL PROTECTED] wrote: Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. [...] The license grants permission to use, copy, create derivative works, and redistribute. The only stipulations are that the original author be credited, and derivative works be labeled; and there's a warranty disclaimer. And when you violate the license by distributing modified versions with misleading information, you loose your right to copy and use the software. But that's not a freeness problem, I guess. I think this is clearly DFSG-compliant. Regards, Frank -- Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX)
Re: Software license used for SHA-2 reference code
On Fri, Feb 17, 2006 at 11:27:09AM +0100, Frank Küster wrote: Steve Langasek [EMAIL PROTECTED] wrote: Royalty free license to copy and use this software is granted, provided that redistributed derivative works do not contain misleading author or version information. Royalty free license is also granted to make and use derivative works provided that such works are identified as derived from this work. The license grants permission to use, copy, create derivative works, and redistribute. The only stipulations are that the original author be credited, and derivative works be labeled; and there's a warranty disclaimer. And when you violate the license by distributing modified versions with misleading information, you loose your right to copy and use the software. But that's not a freeness problem, I guess. Yeah, it isn't, because under copyright law you don't *need* a license in order to use a copy of the work. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Re: Software license used for SHA-2 reference code
[EMAIL PROTECTED] wrote: Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: Is this DFSG-free? It looks fine to me, but if it's still a draft then I think it would be useful to use a wording less vague than misleading author or version information. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
Marco d'Itri [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: Hi. A newly approved IETF document contains reference code for SHA-2, and they propose to use the following license: Is this DFSG-free? It looks fine to me, but if it's still a draft then I think it would be useful to use a wording less vague than misleading author or version information. Suggestions? The author information seem clear to me, but I have no idea what the version information refer to. Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Software license used for SHA-2 reference code
On Fri, 17 Feb 2006, Marco d'Itri wrote: It looks fine to me, but if it's still a draft then I think it would be useful to use a wording less vague than misleading author or version information. Agreed. It's fine to say that the package must be labelled as to modifications made, but this phrasing seems to open the door to api-level requirements (like the filename or in-code version string cannot be misleading, whatever that means). -- Mark Rafn[EMAIL PROTECTED]http://www.dagon.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
