On Mon, Oct 16, 2006 at 11:48:05PM +0200, Tollef Fog Heen wrote: > * Colm MacCarthaigh > > | I hate these damn things, alerting us to these stupid nits only causes > | any theoritical infringement to become willful and over time worsens our > | code-base. Anyway, our time would probably be better spent just asking > | RSA for a slightly modified license. > > I'm no happier for this than you are and I can't see it being a > realistic threat. However, we're technically in the grey area and I'd > rather have us be totally clear. I'd also like to not carry some > silly patch and have to rip out the RSA MD4/MD5 code of every future > tarball released by the APR project because you and Debian disagree > about what's safe and what's not, licence-wise. > > However, note that there is a public-domain MD4 and MD5 implementation > (written by Solar Designer) which I've adapted to work in APR and put > in the Debian APR packages and which works well there. So this isn't > some big effort which you suddenly have to take on; a patch is already > present.
This is 10-year old code, that's a long time for any potential bugs to have been shaken out. It's also the reference implementation, which basically makes it bug-free by definition in the first place. The technical reasons for keeping that code are very compelling imo, which is why I suggest just asking RSA. > I have heard some rumours that you are not too happy about code being > in the public domain, so I have taken the liberty of talking with > Solar Designer over this: The concept of a public domain does not generally exist outside of the US. Generally instead a very liberal unilateral license is instead preferred. -- Colm MacCárthaigh Public Key: [EMAIL PROTECTED]
