Hello Nicholas,
>That's ok, you don't need to find the original version. Remember
>that
>it's a fork and child relationship,
Yes, I'm terribly sorry, I'm familiar with the fork-child relationship
but I still found your analogy very helpful and concise, I might
present it to my interns (if that's O.K), thanks a lot for the
reminder. I was extremely tired when I wrote the last e-mail.
In short, considering debian-legal's input, should I mention the NCSA
copyright notice in debian/copyright for Files: htpasswd.c, adding a
separate License: NCSA field to clarify the provenance of said source ?
I will fix the /patches issues we discussed in a later commit and
would also like to propose a mechanism for integrating PAM (Pluggable
Authentication Modules) into mini-httpd. I am currently in the
negotiation phase with my employer to grant an exception for this
particular patch in order for it to be upstreamed into debian/patches
(since, remember, we're the de-facto upstream here) and for my code to
become GPL licensed). PAM support (which would be toggled via a
Makefile parameter) could provide tangible improvements for the users
of mini-httpd and might even increase the server's popularity. The AUTH
mechanism in mini-httpd is arguably heavily antiquated and prone to
DDos attacks, MitM, scalability issues, etc. PAM would also enable AAA
solutions to interoperate with mini-httpd almost seamlessly (such as
Radius, TACACS+) which is becoming increasingly relevant in today's
SSO/IoT central trust-based use cases.
>P.S. Please acknowledge: Have you read the DFSG yet, and do you
>understand why it's important?
Yes I have and yes I do, it is one of the main reasons I decided to
start contributing to DebianWiki (and now mini-httpd) to begin with. :)
>I confirm receipt of your mail, and I see an attached signature.
>Where
>can I download your public key?
I'd like to ask you the same question, since I'd like to add your
address to my keyring. I've read a bit of documentation which suggests
using Ubuntu's HKP which seems a bit off-axis. I understand that the
Debian Public Key Server is for DDs and DMs only (I am not yet a DM).
I could perhaps use my DebianWiki personal page to link to my public
key, but I do not know if that solution would be accepted or would
sound absurd. I should find a better solution after some research.
Stay safe and thanks for your time,
Alexandru Mihail
On Wed, 2023-07-05 at 21:01 -0400, Nicholas D Steeves wrote:
> Hi Alexandru,
>
> Alexandru Mihail writes:
>
> > After yet some more software archaeology, I've uncovered some more
> > rusty HTML 1.0 documents which are of interest to our dilemma.
> > Apparently, NCSA HTTPd Acknowledgements as of 7-14-95 state:
> > "Thanks to:
> > Robert McCool
> > For developing NCSA HTTPd till version 1.3 and this
> > documentation."
> >
> > https://web.archive.org/web/20090416132804/http://hoohoo.ncsa.uiuc.edu/docs/acknowledgement.html
> >
> > This is the time Robert left the project and the date (and license
> > release - 1.3) probably aligns best with the code we have in mini-
> > httpd. After extensive googling, it seems to me that the original
> > mini-
> > httpd-1.0.0.tar.gz source is lost to time, or at least is buried
> > beyond
> > my reach.
>
> That's ok, you don't need to find the original version. Remember
> that
> it's a fork and child relationship, so anyone, today, can fork httpd
> (1.1-1.3, 1.4-1.14, 1.15, etc.) under the license terms specific to a
> particular release. So, for a hypothetical case where the file[s] in
> question are identical for the following versions ..:
>
> 1.1-1.3: "Do what you want but only on continental landmasses"
> license
> || \\
> || \=Possible fork point. If discriminating against islanders
> || is important, then fork from this point.
> \/
> 1.4-1.14: "Non-commercial use only, except for fishermen" license
> || \\
> || \=Possible fork point. If privileging fishermen and
> || discriminate against everyone else is important, then
> fork
> || from this point.
> \/
> 1.15: GPL3+
> \\
> \=Possible fork point. Only discriminates against those who
> wish to keep their source private while also distributing
> their
> fork. Fork from this point if that's important.
>
> ...then if httpd 1.15 is older then mini-httpd 1.30, you must choose
> 1.15. Meanwhile, Robert McCool's copyright still exists in 1.15 even
> if
> he hasn't made a contribution since 1.3.
>
> P.S. Please acknowledge: Have you read the DFSG yet, and do you
> understand why it's important?
> https://wiki.debian.org/DebianFreeSoftwareGuidelines
>
> > I transitioned all debian mail-related services to Google, and am
> > using
> > a good MUA now (PGP signing properly). (BTW, does everything look
> > all
> > right on your end?)
>
> I confirm receipt of your mail, and I see an attached signature.
> Where
> can I download your public key?
>
> >