Carsten Leonhardt writes ("Re: SHA1 implementation by Steve Reid"):
> So from what you wrote earlier, I understand that the IETF saw the
> problem with code in RFCs and took steps to clarify the situation, which
> I take as a hint from the IETF that the old code from RFC_3174
> should/can be seen as unmodifiable.

But it also means that:

The upstreams (both the original author and the IETF/ISOC) all want this code to be freely used in ways very compatible with the way we use it. (The fact that the old RFC is not relicensed is not because they would object to the modification of the old code, but simply because IETF processes don't support such changes to old RFCs.)

So by redistributing the code we are following the intent, as we perceive it and as it has been (belatedly) clarified, of the authors and copyright holders.

And, if at any point in the future somebody takes a more legalistic view and starts sending takedown notices, we can just throw away our existing version based on the old RFC's code and redo the integration using the nearly-identical code from the new RFC.

So there is, I think, very little risk to us or our downstreams, of leaving this situation as is - ie, there is no point going and trying to weed out code based on the old RFC (even if we could somehow reliably determine whether some code was based on the old RFC directly, or via the new RFC with the better licence).

Ian.

--
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.