Re: License issue with freeswan (Eric Young's libdes)

2002-09-12 Thread Steve Langasek
On Thu, Sep 12, 2002 at 10:41:24AM -0500, Rene Mayrhofer wrote:

 | What is needed here is a license exemption from the freeswan copyright
 | holders, granting permission to distribute binaries linked against
 | libdes.
 Is this enough ? Because of the advertising clause, would Debian be
 forced to include such an advertisment in any release document ?

The exact terms of the license state:

3. All advertising materials mentioning features or use of this software
   must display the following acknowledgement:
   This product includes software developed by Eric Young ([EMAIL PROTECTED])

Therefore, any advertising materials mentioning *freeswan* must display
the acknowledgement.  If (and only if) we mention the freeswan package in
our release document are we required to include this acknowledgement.
(We may be required to display an equivalent acknowledgement if we
mention other packages.)

Steve Langasek
postmodern programmer


pgpHxm0BaYf6O.pgp
Description: PGP signature


Re: License issue with freeswan (Eric Young's libdes)

2002-09-11 Thread J.H.M. Dassen (Ray)
On Fri, Sep 06, 2002 at 13:23:28 +0200, Rene Mayrhofer wrote:
 Freeswan upstream developers are currently thinking of switch to openssl.
 I already pointed out to them that this might need a change in their own
 (GPL) license statement so that linking to openssl is explicitly allowed.

Perhaps you can ask them to consider using GNUTLS (www.gnutls.org) rather
than OpenSSL? GNUTLS's license (mostly LGPL, some GPL; see libgnutls5-dev
for details), unlike OpenSSL's, is GPL-compatible. Several packages in
Debian that used to use OpenSSL have already switched to GNUTLS (mutt and
gnome-VFS IIRC).

GNUTLS builds on libgcrypt which includes a DES implementation; it should
not be too difficult to have FreeS/WAN use gcrypt's DES implementation
rather than libdes's; that should solve the licensing issues for now.

HTH,
Ray
-- 
GRub[B]eR JHM, jij bent echt nerd :))
GRub[B]eR maar wel een goeie :)
GRub[B]eR Soort van programmerende furby
Gezien op #cistron



Re: License issue with freeswan (Eric Young's libdes)

2002-09-11 Thread Steve Langasek
On Fri, Sep 06, 2002 at 01:23:28PM +0200, Rene Mayrhofer wrote:

 The reason why freeswan can currently not go into main is an issue with some 
 code license that is bundled with it. I am struggling with this for quite 
 some time now and at the moment I need some help to clarify it

 Freeswan (the user space daemon and the kernel module) needs Eric Young's 
 libdes to work. The freeswan code is mostly licensed under GPL, while libdes 
 has the advertising clause in it. However, quoting from the CREDITS file of 
 freeswan:

 --
 The LIBDES library by Eric Young is used.  It is not under the GPL -- see
 details in libdes/COPYRIGHT -- although he has graciously waived the
 advertising clause for FreeS/WAN use of LIBDES.
 --

Which parts of freeswan link against libdes?  According to
/usr/share/doc/freeswan/copyright, some parts are LGPL.  Do we know for
sure that libdes+GPL is happening?

Also, since freeswan uses libdes internally (it does not appear to use
libssl), if there is a GPL violation here, it is a violation whether or
not the binaries are in main.

 I did get a forwarded email from freeswan upstream developers, written by 
 Eric 
 Young. Because we think that he did not intend this mail to be made public, I 
 can not send it to this list or include in the freeswan package without his 
 explicit permission (and contacting him might, in the experience of freeswan 
 upstream authors, be difficult). In this non-signed mail he basically says 
 that he does not care about this advertising clause anymore as he now works 
 on other projects, but is, due to his contract with RSA, unable to release a 
 new version with a changed license. 

If he can't release a new version with a changed license because of his
contract, then what legal force does his email to freeswan upstream have? 
Perhaps he doesn't care about the advertising clause, but this is not
the same thing as waiving the clause.

To be GPL-compatible, the code must be distributable under the exact
terms of the GPL.  If it's distributable under those terms, it can also
be used in other GPL projects.  If we can't also use libdes in other GPL
projects, then even if he has waived the advertising clause for freeswan,
the license is still not GPL compatible.

What is needed here is a license exemption from the freeswan copyright
holders, granting permission to distribute binaries linked against
libdes.  An email that we can't even cite on a mailing list gives us no
legal protection if EAY decided to sue.  We must assume that EAY's
license is still in full force; therefore, we do not have a license that
allows us to distribute binaries combining libdes with GPL FreeS/WAN
code.

Steve Langasek
postmodern programmer


pgpFfyDRgSmWV.pgp
Description: PGP signature


Re: License issue with freeswan (Eric Young's libdes)

2002-09-11 Thread Rene Mayrhofer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Langasek wrote:
| Which parts of freeswan link against libdes?  According to
| /usr/share/doc/freeswan/copyright, some parts are LGPL.  Do we know for
| sure that libdes+GPL is happening?
No, not for sure. However, since the copyright situation is difficult,
having many different copyright owners, I would assume so
I have forwarded your mail to my recent upstream contact. Hopefully he
will know better.

| Also, since freeswan uses libdes internally (it does not appear to use
| libssl), if there is a GPL violation here, it is a violation whether or
| not the binaries are in main.
Yes.

| If he can't release a new version with a changed license because of his
| contract, then what legal force does his email to freeswan upstream have?
| Perhaps he doesn't care about the advertising clause, but this is not
| the same thing as waiving the clause.
Yes, I had the same feeling about the email (that's the reason for
asking here for advice...). In fact, I don't think that his email has
any legal force.

| What is needed here is a license exemption from the freeswan copyright
| holders, granting permission to distribute binaries linked against
| libdes.
Is this enough ? Because of the advertising clause, would Debian be
forced to include such an advertisment in any release document ?

best regards,
Rene
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iEYEARECAAYFAj1/uskACgkQq7SPDcPCS96HiwCgkALtrPag49CgpjGJBtzGHk2B
w/IAnjzRi6llrRGPAUARhBzjLP8DHEdH
=ASdx
-END PGP SIGNATURE-



Re: License issue with freeswan (Eric Young's libdes)

2002-09-11 Thread Joey Hess
Rene Mayrhofer wrote:
 Freeswan (the user space daemon and the kernel module) needs Eric Young's 
 libdes to work.

I know from researching for mindterm that version 3.06 of Eric Young's
libdes (from 1993) was licensed under the GPL. I don't know how much the
libdes library has changed since then, but it's perhaps worth a look if
you can find it. The des.c included in ssh 1.2.26, which can be found
pretty easily and is derived from libdes 3.06, is likewise licensed
under the GPL.

Of course gnutls is probably a better idea if you can get it to work.

-- 
see shy jo


pgpWh1VS21FRS.pgp
Description: PGP signature