On Mon, Sep 08, 2008 at 01:24:58PM -0400, Tom O'Brien wrote: > Hi all: > I'm using the Log4Cxx logging library in a project, and it uses apr and > apr-util as part of the implementation. In reviewing the license to > apr-util, I noticed it contained a reference to the RSA reference > implementation to md4 and md5. The lawyers here got a look at the > license, and were not amused (no specific right to redistribute). I saw > that the Debian team had raised a similar issue in the mailing list archive.
I just noticed that this issue is covered in the Fedora licensing FAQ: http://fedoraproject.org/wiki/Licensing/FAQ which references this statement from RSA: http://www.ietf.org/ietf/IPR/RSA-MD-all [plain text sent as text/html, oops] the Fedora FAQ says that based on this, we can simply strip the restrictive licensing statements from the MD4/MD5 implementation, retaining the RSA copyright notice alone. Can legal-discuss@ confirm whether this is an acceptable course of action? Regards, Joe
