On Tue, Oct 03, 2000 at 10:49:55AM -0700, Luca Filipozzi wrote: > I am thinking of using SRP (Secure Remote Password protocol) for the DDT > (Dynamic DNS Tools) projectk, which is developed by Debian developers and > packaged for Debian as ddt-client and ddt-server. SRP has an interesting > set of clauses in addition to the standard BSD stuff: > > * 1. Any software that incorporates the SRP authentication technology > * must display the following acknowlegment: > * "This product uses the 'Secure Remote Password' cryptographic > * authentication system developed by Tom Wu ([EMAIL PROTECTED])." > * > * 2. Any software that incorporates all or part of the SRP distribution > * itself must also display the following acknowledgment: > * "This product includes software developed by Tom Wu and Eugene > * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." > > Annoying as these are, I can't see how they violate the DFSG. I'd like > confirmation of this.
The problem with this clause is that it doesn't define what "display" means. "Display" is no problem, and unambigous, for a program that already "displays" (for example, an interactive program). But, what does this mean for other programs (for example, imagine a linux-based firewall, which provides transparent authentication/NAT/encryption, etc. -- what would "display" mean in that context?). If there's something in this license which resolves this issue, it's probably ok. Otherwise, I see a potential conflict on DFSG#6. Thanks, -- Raul
