-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
The reason why freeswan can currently not go into main is an issue with some code license that is bundled with it. I am struggling with this for quite some time now and at the moment I need some help to clarify it.... Freeswan (the user space daemon and the kernel module) needs Eric Young's libdes to work. The freeswan code is mostly licensed under GPL, while libdes has the advertising clause in it. However, quoting from the CREDITS file of freeswan: - ---------------------------------------------------------------------------------- The LIBDES library by Eric Young is used. It is not under the GPL -- see details in libdes/COPYRIGHT -- although he has graciously waived the advertising clause for FreeS/WAN use of LIBDES. - ---------------------------------------------------------------------------------- The COPYRIGHT file says (complete): - ---------------------------------------------------------------------------------- Copyright (C) 1995-1997 Eric Young ([EMAIL PROTECTED]) All rights reserved. This package is an DES implementation written by Eric Young ([EMAIL PROTECTED]). The implementation was written so as to conform with MIT's libdes. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution. Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of that the SSL library. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young ([EMAIL PROTECTED]) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distrubution license [including the GNU Public License.] The reason behind this being stated in this direct manner is past experience in code simply being copied and the attribution removed from it and then being distributed as part of other packages. This implementation was a non-trivial and unpaid effort. - ---------------------------------------------------------------------------------- I did get a forwarded email from freeswan upstream developers, written by Eric Young. Because we think that he did not intend this mail to be made public, I can not send it to this list or include in the freeswan package without his explicit permission (and contacting him might, in the experience of freeswan upstream authors, be difficult). In this non-signed mail he basically says that he does not care about this advertising clause anymore as he now works on other projects, but is, due to his contract with RSA, unable to release a new version with a changed license. Is this enough for freeswan to be DFSG-free or even legal ? Would it be enough for me to include a statement in the copyright file that I personally have a copy of this mail ? Wouldn't make much difference I think. Freeswan upstream developers are currently thinking of switch to openssl. I already pointed out to them that this might need a change in their own (GPL) license statement so that linking to openssl is explicitly allowed. Do we have to wait until this happens (which might take considerable time because code was written by many people who all have to agree to this change) or is there a possibility for getting freeswan back into Debian soon (many users are asking me about updated version, the current version in unstable is nearly ancient....) ? best regards and thanks in advance, Rene -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iEYEARECAAYFAj14kDMACgkQq7SPDcPCS95YqACfVeBrD6XdqAOp0yza9cZZDHpB BvwAoMrBCpKTdzrKLzt+hDXrdm3C3sBn =60Bb -----END PGP SIGNATURE-----
