>>>>> On Sun, 26 Oct 2025, Arsen Arsenović wrote: > I'd like to package a PKCS #11 module[1], but it depends on the PKCS #11 > headers provided by OASIS at > https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40
> I am unsure what license these headers go under, whether they are free > software, and whether that even matters (as they are just API > definitions AFAICT). > Note that Botan also installs these in /usr/include/botan-3/botan/ (with > a slightly tweaked comment). > Please advise on how to proceed - should these be downloaded through > SRC_URI? What should be in LICENSE? Is it better to depend on Botan? > Is there some less ambiguous but still compatible source of PKCS #11 > definitions that could be used instead? > Thank you in advance, have a lovely day! > [1] https://github.com/ubavic/srb-id-pkcs11/ Debian had the same issue: https://bugs.debian.org/952951 Their conclusion was that the headers are non-free and they ended up removing them. I tend to agree: PKCS11 is hosted at github.com/oasis-tcs, and https://www.oasis-open.org/policies-guidelines/github-repositories-for-oasis-tc-members-chartered-work/ says in the "Repositories for TC Members’ Chartered Work" section: | 6) Outbound? Outbound licensing is governed by OASIS policies for TCs, | including terms in the TC’s selected IPR Mode This points to https://www.oasis-open.org/policies-guidelines/ipr/ which is rather convoluted. In sections 10.1 and 10.2.1 one find this: | [...] For the sake of clarity, the rights set forth above include the | right to directly or indirectly authorize a third party to make | unmodified copies of the Licensee’s Licensed Products and to license | (optionally under the third party’s license) the Licensee’s Licensed | Products within the scope of, and subject to the terms of, the | Obligated Party’s license. IANAL and I'm certainly not qualified to disentangle this mess (and the part of the paragraph that I've omitted is even worse). However, it says "unmodified copies" which clearly makes it non-free. There's also https://github.com/oasis-tcs/pkcs11/issues/9 but without any visible progress. Ulrich
signature.asc
Description: PGP signature
