Re: Bug#293932: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Matthias Klose]

Jeremy Hylton writes:
> Maybe some ambitious PSF activitst could contact Roskind and Steve
> Kirsch and see if they know who at Disney to talk to...  Or maybe the
> Disney guys who were at PyCon last year could help.

please could somebody give me a contact address?

Matthias
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Matthias Klose]

Donovan Baarda writes:
> On Tue, 2005-02-08 at 11:52 -0800, Gregory P. Smith wrote:
> > > The md5.h/md5c.c files allow "copy and use", but no modification of
> > > the files. There are some alternative implementations, i.e. in glibc,
> > > openssl, so a replacement should be sage. Any other requirements when
> > > considering a replacement?
> 
> One thing to consider is "degree of difficulty" :-)
> 
> > >   Matthias
> > 
> > I believe the "plan" for md5 and sha1 and such is to use the much
> > faster openssl versions "in the future" (based on a long thread
> > debating future interfaces to such things on python-dev last summer).
> > That'll sidestep any tedious license issue and give a better
> > implementation at the same time.  i don't believe anyone has taken the
> > time to make such a patch yet.
> 
> I wasn't around for that discussion. There are two viable replacements
> for the RSA implementation currently used; 
> 
> libmd 
> openssl .
> 
> The libmd implementation is by Colin Plumb and has the licence; "This
> code is in the public domain; do with it what you wish." The API is
> identical to the RSA implementation and BSD world's libmd and hence is a
> drop in replacement. This implementation is faster than the RSA
> implementation.
> 
[...]
> 
> Currently md5c.c is included in the python sources. The libmd
> implementation has a drop in replacement for md5c.c. The openssl
> implementation is a complicated tangle of Makefile expanded template
> code that would be harder to include in the Python sources.

I would prefer that one as a short term solution. Patch at #1118602.
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Jeremy Hylton]

On Fri, 11 Feb 2005 12:55:02 +0100, Matthias Klose <[EMAIL PROTECTED]> wrote:
> > Currently md5c.c is included in the python sources. The libmd
> > implementation has a drop in replacement for md5c.c. The openssl
> > implementation is a complicated tangle of Makefile expanded template
> > code that would be harder to include in the Python sources.
> 
> I would prefer that one as a short term solution. Patch at #1118602.

Unfortunately a license that says it is in the public domain is
unacceptable (and should be for Debian, too).  That is to say, it's
not possible for someone to claim that something they produce is in
the public domain.  See http://www.linuxjournal.com/article/6225

Jeremy
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: Bug#293932: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Skip Montanaro]

>> Maybe some ambitious PSF activitst could contact Roskind and Steve
>> Kirsch and see if they know who at Disney to talk to...  Or maybe the
>> Disney guys who were at PyCon last year could help.

Matthias> please could somebody give me a contact address?

Steve's easy enough to get ahold of:

http://www.skirsch.com/

(He even still has a UltraSeek-powered search of his site. ;-)

Search Kirsch's site for Jim Roskind returned [EMAIL PROTECTED] but that was
dated 31 Oct 2000.  An abstract for a talk at University of Arizona in late
2003 sort of implied he was still at Netscape then ... maybe...

Skip

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Gregory P. Smith]

> I think it would be cleaner and simpler to modify the existing
> md5module.c to use the openssl md5 layer API (this is just a
> search/replace to change the function names). The bigger problem is
> deciding what/how/whether to include the openssl md5 implementation
> sources so that win32 can use them.

yes, that is all i was suggesting.

win32 python is already linked against openssl for the socket module
ssl support, having the md5 and sha1 modules depend on openssl should
not cause a problem.

-greg

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

[Python-Dev] ViewCVS on SourceForge is broken

[Trent Mick]

Has anyone else noticed that viewcvs is broken on SF?
[EMAIL PROTECTED] ~]
$ curl -D tmp/headers http://cvs.sourceforge.net/viewcvs.py/python


502 Bad Gateway

Bad Gateway
The proxy server received an invalid
response from an upstream server.


[EMAIL PROTECTED] ~]
$ cat tmp/headers
HTTP/1.1 502 Bad Gateway
Date: Fri, 11 Feb 2005 18:38:25 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Content-Length: 232
Connection: close
Content-Type: text/html; charset=iso-8859-1
Or is this just me? It is also broken for other projects for me -- e.g. 
'pywin32'.

Cheers,
Trent
--
Trent Mick
[EMAIL PROTECTED]
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] ViewCVS on SourceForge is broken

[Tim Peters]

[Trent Mick]
> Has anyone else noticed that viewcvs is broken on SF?

It failed the same way from Virginia just now.  I suppose that's your
reward for kindly updating the Python copyright .

The good news is that you can use this lull in your Python work to
contribute to ZODB development!  ViewCVS at zope.org is always happy
to see you:

http://svn.zope.org/ZODB/trunk/
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] ViewCVS on SourceForge is broken

[Thomas Heller]

Tim Peters <[EMAIL PROTECTED]> writes:

> [Trent Mick]
>> Has anyone else noticed that viewcvs is broken on SF?
>
> It failed the same way from Virginia just now.  I suppose that's your
> reward for kindly updating the Python copyright .
>
The failure lasts already for several days:

http://sourceforge.net/docman/display_doc.php?docid=2352&group_id=1#1107968334

Thomas

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] ViewCVS on SourceForge is broken

[Tim Peters]

[Thomas Heller]


Jeez Louise!

As of 2005-02-09 there is an outage of anonymous CVS (tarballs,
pserver-based CVS and ViewCVS) for projects whose UNIX names start 
with the letters m, n, p, q, t, y and z. We are currently working on
resolving this issue.

So that means it wouldn't even do us any good to rename the project to
Thomas, Trent, Mick, Tim, Peters, or ZPython either!  All right. 
Heller 2.5, here we come.
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] ViewCVS on SourceForge is broken

[Thomas Heller]

Tim Peters <[EMAIL PROTECTED]> writes:

> [Trent Mick]
>> Has anyone else noticed that viewcvs is broken on SF?
>
> It failed the same way from Virginia just now.  I suppose that's your
> reward for kindly updating the Python copyright .
>
> The good news is that you can use this lull in your Python work to
> contribute to ZODB development!  ViewCVS at zope.org is always happy
> to see you:
>
> http://svn.zope.org/ZODB/trunk/

Thomas Heller <[EMAIL PROTECTED]> writes:

> The failure lasts already for several days:
>
> http://sourceforge.net/docman/display_doc.php?docid=2352&group_id=1#1107968334

  "As of 2005-02-09 there is an outage of anonymous CVS (tarballs,
  pserver-based CVS and ViewCVS) for projects whose UNIX names start
  with the letters m, n, p, q, t, y and z."

As you can see, both projects with names starting with 'p' and 'z' are
affected, so may I suggest to contribute to *ctypes* instead of zope ;-)

Thomas

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

RE: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Michael Chermside]

Jeremy writes:

> Unfortunately a license that says it is in the public domain is
> unacceptable (and should be for Debian, too).  That is to say, it's
> not possible for someone to claim that something they produce is in
> the public domain.  See http://www.linuxjournal.com/article/6225

Not quite true. It would be a bit off-topic to discuss on this list
so I will simply point you to:

http://creativecommons.org/license/publicdomain-2

...which is specifically designed for the US legal system. It _IS_
possible for someone to produce something in the public domain, it
just isn't as easy as some people think (just saying it doesn't
necessarily make it so (at least under US law)) and it may not be
a good idea.

I would expect that if something truly WERE in the public domain,
then it would be acceptable for Python (and for Debian too, for
that matter). I can't comment on whether this applies to libmd.

-- Michael Chermside

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] license issues with profiler.py and md5.h/md5c.c

[Tim Peters]

[Jeremy Hylton]
>> Unfortunately a license that says it is in the public domain is
>> unacceptable (and should be for Debian, too).  That is to say, it's
>> not possible for someone to claim that something they produce is in
>> the public domain.  See http://www.linuxjournal.com/article/6225

[Michael Chermside]
> Not quite true. It would be a bit off-topic to discuss on this list
> so I will simply point you to:
> 
>http://creativecommons.org/license/publicdomain-2
> 
> ...which is specifically designed for the US legal system. It _IS_
> possible for someone to produce something in the public domain, it
> just isn't as easy as some people think (just saying it doesn't
> necessarily make it so (at least under US law)) and it may not be
> a good idea.

The article Jeremy pointed at was written by the Python Software
Foundation's occasional legal counsel, and he disagrees.  While I
would love to believe that copyright law isn't this bizarre, I can't
recommend going against the best legal advice the PSF was willing to
pay for .

Note that Creative Commons doesn't recommend that you do either; from their FAQ:

   Can I use a Creative Commons license for software?

   In theory, yes, but it is not in your best interest. We strongly
encourage you to
   use one of the very good software licenses available today. (The
Free Software
   Foundation and the Open Source Initiative stand out as resources for such
   licenses.) 

> I would expect that if something truly WERE in the public domain,
> then it would be acceptable for Python (and for Debian too, for
> that matter).

So would I, but according to Larry there isn't such a thing (excepting
software written by the US Government; and for other software you
might be thinking about today, maybe in about a century if the author
lets their copyright lapse).

If Larry is correct, it isn't legally possible for an individual in
the US to disclaim copyright, regardless what they may say or sign. 
The danger then is that accepting software that purports to be free of
copyright can come back to bite you, if the author later changes their
mind (from your POV; the claim is that from US law's POV, nothing has
actually changed, since the author never actually gave up copyright to
begin with).

The very fact that this argument exists underscores the desirability
of only accepting software with an explicit license, spelling out the
copyright holder's intents wrt distribution, modification, etc.  Then
you're just in legal mud, instead of legal quicksand.
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com