On Thu, Mar 04, 2004 at 03:58:55PM -0300, Humberto Massa wrote: > David Gourdelier wrote: > >I would like to know if crypt lib licence would allow it for being > >included in Debian as a Debian package. The licence is available at > >http://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html > > > >Thank you for your answer. > > Apparently, the license (text below) is a BSD-sans-advertising -like.
Clause 3 appears to be a poorly-worded weak copyleft. More below. > More eyes, please: Here have one of mine. I don't really need depth perception anyway. <g> > Copyright 1992-2004 Peter Gutmann. All rights reserved. This "All rights reserved" followed by a "go nuts" licence always seems to jar with me. Does anyone else have the same cognitive dissonance whenever they read one of these? > Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions are met: > > 1. Redistributions of source code must retain the above copyright notice, > this > list of conditions and the following disclaimer. Mmm hmm. > 2. Redistributions in binary form must reproduce the above copyright notice, > this list of conditions and the following disclaimer in the documentation > and/or other materials provided with the distribution. OK. Straight BSDish so far. > 3. Redistributions in any form must be accompanied by information on how to > obtain complete source code for the cryptlib software and any accompanying > software that uses the cryptlib software. The source code must either be > included in the distribution or be available for no more than the cost of > distribution, and must be freely redistributable under reasonable > conditions. For an executable file, complete source code means the source > code for all modules it contains or uses. It does not include source code > for modules or files that typically accompany the major components of the > operating system on which the executable file runs. Must the information on how to obtain complete source code for the cryptlib software be guaranteed accurate? I mean, if I put the source on my website for a while, then pull it down, by one interpretation I've complied with the licence because it was valid when I wrote the information, but by another I must provide the source code at the published location forever (or at least until copyright runs out, which looks to be the same thing under the current US regime, at least). "and any accompanying software that uses the cryptlib software" feels a little over-burdensome, but it's no worse (in my remaining eye) than the equivalent GPL restriction. "freely redistributable under reasonable conditions" is *very* dangerous - major lawyerbomb (thanks for that term, MJ!). My idea of reasonable and the copyright holder's idea of reasonable might be wildly different, and it's the copyright holder's opinion that carries the most weight in law. I'd seriously recommend asking Mr. Gutmann to clarify his "reasonable conditions", preferably by amending the licence. "Under terms no more restrictive than those contained in this licence" would be suitable, and make it a stronger copyleft (since you're guaranteed that nobody can make the work less free). Then we go deep into GPL territory. "the source code for all modules [the executable] contains or uses, [barring anything shipped with the OS]" is useless from Debian's POV, because we either ship everything or nothing as part of the OS, depending on which side of the "operating system" boundary you think Debian sits. Microsoft would love to have people extend the OS definition deep into application space. <grin> Overall, this licence feels vaguely familiar to me - I think I've read that particular copyleft clause before. I don't remember using cryptlib, though, so it's all a bit weird. It appears that the author wants many of the protections of the GPL - down to the OS exemption - without actually using the GPL. My recommendation would be to relicence under the GPL and be done with it - it is a widely analysed licence whose effects are fairly well understood. Aaaand the disclaimer appears normal, so I'll chop it because large quantities of capitals are annoying. - Matt
