On Mon, 30 Aug 2010, Julien Chaffraix wrote:
following the comment at the beginning of security.c I gave a try at rewriting the file. The diff against trunk is attached along with the new implementation. It passes all the tests on my machine but the compilation has not been tested outside a Linux/32bit machine. The diff is pretty big and can be split upon demand to ease review.
Whoa, very cool work! Sorry for being slow at responding, it slipped between somehow.
I fear that security.c is mostly used for kerberos4 and possibly some gssapi stuff and I must admit that I have _never_ used any of those since the days we first introduced krb4 (when I was given a krb account to borrow for a few days) so if we go this route I think we just need to trust that the tests are decent enough to at least not break everything completely and then wish and hope that someone who actually uses krb4 or gss will try it.
Also I tried to get some legal advice whether such work would be considered a proper rewrite and did not get an answer so this must be reviewed by someone with more OSS / legal experience.
I'm convinced nobody will stick out their chin and make any such bold statements unconditionally without having checked the details very carefully. And I don't think any law-person will do that for us just like that.
The original code that the copyright covers was first modified quite a lot by Martin Hedenfalk to adapt it to curl, and then I did my share at curlifying it. That was even before the file first appeared in the directory as the first version we can find with git (September 2000). From there, the file has been further modified. Now you've modified it a lot on top of all this. Is there any traces left that would warrant a copyright and thus a say in which license to use?
In all fairness, however much I'd like to just get out of that annoying announce license, I can spot similarities in the patched code and the original code we imported into curl. They are close enough to be seen by a human eye looking for it. Are they big enough to warrant copyright? I don't know, but in this case I rather leave the copyright in just to be safe and play nice.
But, given that you've worked a lot on this and fixed a bunch of issues and quirks in the code, I think we should proceed and merge your patch even if it doesn't (yet) remove the Original BSD license from the file.
What do you think? Am I wrong? -- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
