severity 405360 important
retitle 405360 erlang: license of RSA derived sources should be documented
thanks

Hi,

I think the explanation is clear enough to lower the severity.

Cheers,
Torsten

---------- Forwarded message ----------
From: Kenneth Lundin <[EMAIL PROTECTED]>
Date: Jan 3, 2007 10:03 AM
Subject: Re: [erlang-questions] Non-free files in Erlang/OTP distribution?
To: Sergei Golovan <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Torsten Werner <[EMAIL PROTECTED]>


Hi,

What about this statement from RSA? (the link below)
I think it clarifies that it is ok to redistribute derivative work
regarding the MD5 Message-Digest Algorithm.

http://www.ietf.org/ietf/IPR/RSA-MD-all

It is written by:
"Linn, John" <[EMAIL PROTECTED]>
February 19, 2000

and begins like this:

The purpose of this memo is to clarify the status of intellectual
property rights asserted by RSA Security Inc. ("RSA") in the MD2, MD4 and
MD5 message-digest algorithms, which are documented in RFC-1319, RFC-1320,
and RFC-1321 respectively.

       Implementations of these message-digest algorithms, including
implementations derived from the reference C code in RFC-1319, RFC-1320, and
RFC-1321, may be made, used, and sold without license from RSA for any
purpose.


It then continues, but I think the above statement is clear enough.
Note that the code distributed with Erlang/OTP is a derivative work of the reference
implementation in RFC 1321.

/Regards Kenneth


On 1/2/07, Sergei Golovan <[EMAIL PROTECTED]> wrote:
Hi!

I'm packaging Erlang/OTP for the Debian GNU/Linux distribution. Today
there was a bug report
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405360) concerning the
license of some files included in the Erlang/OTP distribution.

The suspicious files are

otp_src_R11B-2/lib/erl_interface/src/misc/eimd5.c
otp_src_R11B-2/lib/erl_interface/src/misc/eimd5.h
otp_src_R11B-2/erts/emulator/beam/erl_md5.c

They contain a (modified) reference implementation of the MD5 digest algorithm.

The included licence states:

 * License is also granted to make and use derivative works provided
 * that such works are identified as "derived from the RSA Data
 * Security, Inc. MD5 Message-Digest Algorithm" in all material
 * mentioning or referencing the derived work.

The problem is that the license doesn't permit redistribution of
derived works explicitly. Therefore it is considered non-free.

Can you tell me how you interpret the license? Don't you think
that the Erlang/OTP distribution can't contain these files, derived from
RSA code?

Best wishes!
--
Sergei Golovan



--
blog: http://twerner.blogspot.com/
homepage: http://www.twerner42.de/

