On Mon, Mar 02, 2020 at 10:09:32PM -0700, Sean Whitton wrote: > > In short, OASIS Open is a DFSG compliant license or not? > > Thanks. It looks like the license which does not permit modification > applies to the specification, so the specification is not DFSG-free. > > As for pkcs11.h, I can't see any statement that it is under any license > at all, never mind a DFSG-free license. > > So the bug severity would seem to be correct.
I'm concerned though that the alternative of using the p11-kit headers seems much worse, because it is blindingly obvious that the p11-kit versions are a derivative of the OASIS headers. Unless somehow the developers happened to choose the same names, bitmasks, and struct layouts by chance? As it is we [Botan upstream] are not violating the OASIS license, but as far as I can tell p11-kit headers *are*, by removing OASIS copyright and license, and also violating the license, due to modifying the headers. Jack
