Spanish Direccion General de la PolicĂa has released a new
version of their DNIe opensc module... under GPLv3+ license
http://www.dnie.es/descargas/codigo_fuente.html
That makes several interesting (and problematic) issues:
As LGPL states, LGPL code can be promoted to GPL, but the
reverse is not true. This means that OpenSC group cannot
integrate spanish bits in their code as LGPL.
The only way to work is keeping it as a separate loadable module
The key codes used to open secure channel still remains unpublished.
Some people here at Spain has developed a script to extract keys
from older proprietary module and inject it into source code at
compile time. So we can create source packages that automagically
create binaries with "on-the-fly" generated keys... and publish
this source code as GPL. But unsure of legal status of resulting
binaries
Not sure about legal implications of this sort of "compile-time
extracting of unpublished private keys". ( I thing ndiswrapper
and linux-dvb people "suffers" from similar problems )
BTW, in the process of evaluating code we have detected some
issues about Firefox interaction: Authentication works fine,
but signing fails in several Linux distributions
As you can see at [1] seems that an undesired old friend
reapeared: problems with pinentry, libassuan and pthreads
[1] http://www.kriptopolis.org/disponibles-fuentes-pkcs11#comment-56829
So what comes next?
- Trying to convince DGP to re-release their code as LGPL
- Decide how to handle with private and non-published keys
in source code. Alternatively try to get permission from
DGP to publis our reverse-engineered keys
- Integrate or not in opensc project keeping it as separate
dynloadable module
- Study problems with signing with firefox-3.x
We are unsure about the best way to walk
Juan Antonio
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
