Justin,
once again -- thank you so much for your diligent reviews! Wrt.
NOTICE/LICENSE files
can you please take a look at this and see if that's acceptable:
https://github.com/rvs/incubator-hawq/blob/master/LICENSE
https://github.com/rvs/incubator-hawq/blob/master/NOTICE
Wrt. crypto code -- you ended up being absolutely right and apologize
for the confusion.
The only thing I can say in my defense is that I got double tripped up by:
http://www.apache.org/dev/crypto.html#faq-previouslyexported
http://www.postgresql.org/message-id/can1ef+z1b1ecxq1gyudfo8wbp5+6mfkcqqgu_xvtnzuak9h...@mail.gmail.com
At any rate, we're removing the crypto code:
https://issues.apache.org/jira/browse/HAWQ-394
Hopefully this will take care of your concerns.
Thanks,
Roman.
On Wed, Jan 27, 2016 at 5:12 AM, Justin Mclean <justinmcl...@me.com> wrote:
> Hi,
>
>> I think this section of NOTICE is simply not worded well enough.
>
> No problem, if it is not bundled it should be removed, if the wording is
> wrong it should be fixed.
>
>> Not it doesn’t.
>
> You might want to double check the files in here:
> ./contrib/pgcrypto
> ./src/interfaces/libpq
>
> Just do a quick search for SSL for instance. Or take a look a
> contrib/pgcrypto/crypt-blowfish.c it says "This code comes from John the
> Ripper password cracker, with reentrant and crypt(3) interfaces added,” and
> that looks to be GPL software or I think public domain? I’d expect that to
> be in the LICENSE file. [1] I haven’t looked at everything in detail but
> there enough for concern and IMO it needs to be double checked.
>
> Exactly what is covered by "cryptographic functions” I’m not entirely sure.
> Do we have somewhere where that is spelt out? For instance is MD5 included in
> that? (see ./contrib/pgcrypto/crypt-md5.c, ./contrib/pgcrypto/md5.c,
> ./src/backend/libpq/md5.c) or DES (./contrib/pgcrypto/crypt-des.c) or SHA2
> (./contrib/pgcrypto/sha2.c) or blowfish mentioned above? (and those are not
> the only files)
>
>> Apache License -- no sure what you mean here -- I think we're simply
>> bubbling up the dependencies NOTICEs. Why is that wrong?
>
> Bubbling up NOTICEs is correct but AFAICS you’re not doing that.
>
>> Not sure what do you want us to do to handle that case.
>
> Fix the paths or remove it if it's no longer the case would be best I think.
>
> Thanks,
> Justin
>
> 1. http://www.openwall.com/john/doc/LICENSE.shtml
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
