Processed: fixed 403798 in 1.7.2-1

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> fixed 403798 1.7.2-1
Bug#403798: john: don't clobber the default restore file name
Bug marked as fixed in version 1.7.2-1.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-- 
Pkg-john-devel mailing list
Pkg-john-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-john-devel


Processed: fixed 403798 in 1.7.2-3

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> fixed 403798 1.7.2-3
Bug#403798: john: don't clobber the default restore file name
Bug marked as fixed in version 1.7.2-3.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



Processed: setting package to john-data john, tagging 512158

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> #john (1.7.3.1-1) UNRELEASED; urgency=low
> #
> #  * debian/README.wordlists: typo fixed (Closes: #512158)
> #
> package john-data john
Ignoring bugs not assigned to: john john-data

> tags 512158 + pending confirmed
Bug#512158: typo in /usr/share/doc/john/README.wordlists
There were no tags set.
Tags added: pending, confirmed

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



Processed: unarchiving 360591, reopening 360591

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> unarchive 360591
Bug 360591 [john] documentation gives incorrect paths for some files (john.pot, restore, etc.)
Unarchived Bug 360591
> reopen 360591
Bug#360591: documentation gives incorrect paths for some files (john.pot, restore, etc.)
Bug reopened, originator not changed.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



Processed: unarchiving 485422, reopening 485422

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> unarchive 485422
Bug 485422 [john] john: explain better the use of --rules and --test
Unarchived Bug 485422
> reopen 485422
Bug#485422: john: explain better the use of --rules and --test
Bug reopened, originator not changed.

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



Processed: setting package to john-data john, tagging 360591, tagging 485422

2009-01-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> #john (1.7.3.1-1) UNRELEASED; urgency=low
> #
> #  * debian/man/john.8:
> #- updated the locations of john's session files (Closes: #360591)
> #- updated descriptions of --rules and --test (Closes: #485422)
> #
> package john-data john
Ignoring bugs not assigned to: john john-data

> tags 360591 + pending confirmed
Bug#360591: documentation gives incorrect paths for some files (john.pot, restore, etc.)
Tags were: confirmed
Tags added: pending, confirmed

> tags 485422 + pending confirmed
Bug#485422: john: explain better the use of --rules and --test
Tags were: confirmed
Tags added: pending, confirmed

>
End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



KRB5 implementation for JtR, free license

2009-01-18 Thread David Paleino
Hello,
I'm writing to you because I was adding the KRB5 implementation patch to JtR,
and you're listed as the author in src/KRB5_fmt.c (the copyright holder is not
a "human", but I believe you could have contacts there).
However, to be able to include the patch in Debian, we need a free license.
Currently, you're not granting any right:

/*
 * KRB5_fmt.c
 *
 *  Kerberos 5 module for John the Ripper by Solar Designer, based on the
 *  KRB4 module by Dug Song.
 *
 * Author: Nasko Oskov 
 *
 * Licensing:
 *
 *  The module contains code derived or copied from the Heimdal project.
 *
 *  Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
 *  (Royal Institute of Technology, Stockholm, Sweden).
 *  All rights reserved.
 *
 *  Which is distribution of Kerberos based on M.I.T. implementation.
 *
 *  Copyright (C) 1990 by the Massachusetts Institute of Technology
 *
 */

If you wish the patch to be added to the official Debian package, please
consider licensing the code under a DFSG-free license, such as GPL, BSD or
MIT/X11 (there are many others, though).

As far as I can see from http://www.h5l.org/ , the latest Heimdal releases are
released under BSD-3. Another option would then be rewriting the "plugin"
based on a BSD-3-licensed version of Heimdal.

Kindly,
David Paleino

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: KRB5 implementation for JtR, free license

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 16:58:01 +0100, David Paleino wrote:

> Hello, [..]

Also, please keep the list CCed, so that we have a public record of anything.

Thank you,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



DOMINOSEC module for JtR, licensing needed

2009-01-18 Thread David Paleino
Hello,
I was integrating the DOMINOSEC module for john in the Debian package, but I
encountered some problems.
The file in question is src/DOMINOSEC_fmt.c .

First of all: there is no licensing statement. Please choose a DFSG-free
license, common are GPL, BSD, MIT/X11 (but many others are out there). Even
Public Domain is ok.
Second: I need a copyright holder, best if it is your real name. I can't find
it in the sources.

Please keep the list CCed, so that we have a public record of our mailing.

Kindly,
David Paleino 

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Lotus5 module for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
I wanted to integrate the Lotus5 module into the Debian package of
john. Some issues were encountered in src/lotus5_fmt.c, and I'm writing you
because that's the only contact available in the source code.

1) Is Jeff Fay contactable in any way? A contact (preferably an e-mail address)
would be great, but this is not a show-stopper to me (but I should ask
debian-legal guys, to be sure)

2) A copyright holder is missing for you, your real name would be best [0]

3) A licensing statement is missing at all. Could you please choose a DFSG-free
license? Common are GPL, BSD and MIT/X11 (there are many others), but also
Public Domain is fine.

Please keep the list CCed, so that we have a public record of our mailing.

Kindly,
David Paleino

[0] this issue also popped up in various other modules where you are listed in
the source files:
  src/rawMD5go_fmt.c
  src/rawSHA1_fmt.c
  src/NSLDAP_fmt.c
  src/OPENLDAPS_fmt.c
I won't ping you regarding *this* issue on those files, but you can
probably show up in the CC lists.

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



JtR add-on licenses

2009-01-18 Thread Solar Designer
Hi David,

Thank you for trying to get the many JtR contributors to license their
code properly.  I neglected to do it so far, for a variety of reasons,
and indeed I did not include that code into the official JtR.

As you work on this, you could want to be aware of my licensing
requirements to consider a piece of code for inclusion into JtR.  In
short, not every free software license will do.  I'd need to be able to
include the code into the free JtR, which is currently under GPLv2, but
I also want to retain the freedom to re-license JtR (or a derivative
work) differently (which I now have, being the copyright holder).
I currently exercise this freedom for JtR Pro, which is under a non-free
license - http://www.openwall.com/john/pro/doc/LICENSE

The possibilities for contributed code, to be considered for inclusion,
appear to be:

- public domain statement (in this case, the author should be mentioned,
but no copyright statement may be included; in fact, a copyright
disclaimer may be included along with the "placed in the public domain"
statement);

- a relaxed license compatible with GNU GPL v2+, but also allowing for
proprietary derivative works - e.g., the license I use for popa3d or
Matthew Kwan's micro-license found in nonstd.c in JtR;

- dual-license: "GNU GPL v2 or later" or a specific permissive license
allowing for proprietary derivative works at the user's discretion;

- copyright transferred to me (uncommon).

I am not happy about common choices for a "permissive license allowing
for proprietary derivative works", such as BSD, as those tend to have
specific requirements for attribution, which could make e.g. the license
for JtR Pro look complicated.  If BSD is inevitable, then shorter forms
of it are preferred (2-clause).

I previously touched on this issue in the following posting:

http://www.openwall.com/lists/john-users/2007/03/19/4

Thanks again,

Alexander



Re: JtR add-on licenses

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 19:42:23 +0300, Solar Designer wrote:

> Hi David,

Hi Alex,
(I read the list, no need to CC ;-))

> Thank you for trying to get the many JtR contributors to license their
> code properly.  I neglected to do it so far, for a variety of reasons,
> and indeed I did not include that code into the official JtR.

Yes, I could imagine the reason.
However, I was planning the release of 1.7.3.1 in Debian and... luckily I marked
my debian/copyright with big TODO marks, we avoided a sure REJECT ;)

> As you work on this, you could want to be aware of my licensing
> requirements to consider a piece of code for inclusion into JtR.  In
> short, not every free software license will do.  I'd need to be able to
> include the code into the free JtR, which is currently under GPLv2, but
> I also want to retain the freedom to re-license JtR (or a derivative
> work) differently (which I now have, being the copyright holder).
> I currently exercise this freedom for JtR Pro, which is under a non-free
> license - http://www.openwall.com/john/pro/doc/LICENSE

ACK.

> The possibilities for contributed code, to be considered for inclusion,
> appear to be:
> 
> - public domain statement (in this case, the author should be mentioned,
> but no copyright statement may be included; in fact, a copyright
> disclaimer may be included along with the "placed in the public domain"
> statement);

Well, copyright statement is just saying "Hey, I did it, I have my rights
on it and can exercise those" -- but right after you release it in the "public
domain".

I don't consider files with missing statements as PD -- they're "All rights
reserved" in most countries.

> - a relaxed license compatible with GNU GPL v2+, but also allowing for
> proprietary derivative works - e.g., the license I use for popa3d or
> Matthew Kwan's micro-license found in nonstd.c in JtR;

Yes -- I considered those free already (snippet from current debian/copyright):

Files: src/nonstd.c
   src/sboxes.c
Copyright: © 1998, Matthew Kwan
License: other
==> nonstd.c <==
 /*
  * Generated S-box files.
  *
  * This software may be modified, redistributed, and used for any purpose,
  * so long as its origin is acknowledged.
  *
  * Produced by Matthew Kwan - May 1998
  */
==> sboxes.c <==
 /*
  * Generated S-box files.
  *
  * This software may be modified, redistributed, and used for any purpose,
  * so long as its origin is acknowledged.
  *
  * Produced by Matthew Kwan - March 1998
  */

> - dual-license: "GNU GPL v2 or later"

This is because JtR is itself under GPL-2+, I suppose.

> or a specific permissive license allowing for proprietary derivative works at
> the user's discretion;

Clear.

> - copyright transferred to me (uncommon).

Ok.

> I am not happy about common choices for a "permissive license allowing
> for proprietary derivative works", such as BSD, as those tend to have
> specific requirements for attribution, which could make e.g. the license
> for JtR Pro look complicated.  If BSD is inevitable, then shorter forms
> of it are preferred (2-clause).

As you might have seen, the mails I sent generally lacked any statement. So,
let the authors decide the license they want -- if they choose BSD, I'll push
them towards BSD-2, if they choose a JtR-incompatible (yet free) license, I'll
warn them about the patches not being included upstream, and so forth.

> I previously touched on this issue in the following posting:
> 
>   http://www.openwall.com/lists/john-users/2007/03/19/4

Regarding the OpenSSL issue, you might want to read a mail I sent some time
before to solve a similar issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508292#17

As far as I understand your requirements though, and the OpenSSL license [0],
probably point 3 is failing your "must not have specific requirements for
attribution" wish. Correct me if I'm wrong (I'm not a lawyer, after all).

[0] http://www.openssl.org/source/license.html


Thank you for your mail. I'll point to it in further mails to add-on authors :-)

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



SHA1 module for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
apart from the "Real Name"/"Copyright Holder" issue, I'm missing a copyright
statement for src/rawSHA1_fmt.c .
Please choose a DFSG-free license, and also keep an eye on [0] if you want your
module to be included in JtR upstream.

[0]
http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html

Also, src/sha.h is missing both a copyright statement and an author/copyright
holder. You're not listed there, but this file seems to be coming from the same
patch as src/rawSHA1_fmt.c. Do you know how I can contact its author? (or is it you?)

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Invision PowerBoard2 module for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
as I already wrote about DOMINOSEC, I'm missing a copyright holder for the IPB2
module and any licensing statement. The same rules apply here.

Also, please keep an eye on 

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
if you want your modules to be officially included upstream.

Kindly,
David Paleino

(please remember to keep the list CCed)

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: Invision PowerBoard2 module for JtR, copyright issues

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 18:16:00 +0100, David Paleino wrote:

> Hello,
> [..] the IPB2 module [..]

That obviously is src/IPB2_fmt.c. Sorry for not being clearer before.

David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



MD5-Apache module for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
I'm writing to you because you're listed as the copyright holders for
src/MD5_apache_fmt.c. Trying to include it in the official Debian package, I
found that the file does not carry any licensing statement.

Please choose a DFSG-free license -- you might also want to keep an eye on

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
if you want your module to be included upstream.

Kindly,
David Paleino

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



NSLDAP/OPENLDAPS modules for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
I'm writing to you because you're listed as copyright holder in
src/NSLDAP_fmt.c and src/OPENLDAP_fmt.c .

Those files are missing a licensing statement though: please choose a DFSG-free
one to ease inclusion into the Debian package for john, and also keep an eye on

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
if you want your modules to be merged upstream. Also Public Domain is fine.

Bartavelle, those files are also missing copyright years for you (and the usual
"Copyright holder"-issue).

Also, I'm missing licensing and copyright statements for src/base64.c and
src/base.h . Since those seem to be coming from the same patches, do you know
who their authors are? Are those yourselves? If so, please clearly state it
(full statement, copyright years, copyright holders and preferably an e-mail
contact)

Also, please remember to keep the list CCed.

Kindly,
David Paleino

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: JtR add-on licenses

2009-01-18 Thread Solar Designer
David,

On Sun, Jan 18, 2009 at 06:03:07PM +0100, David Paleino wrote:
> However, I was planning the release of 1.7.3.1 in Debian and... luckily I
> marked my debian/copyright with big TODO marks, we avoided a sure REJECT ;)

Well, I think you could include 1.7.3.1 in Debian without the patches
initially.  You don't have to apply them.

I wrote:

> > The possibilities for contributed code, to be considered for inclusion,
> > appear to be:
> > 
> > - public domain statement (in this case, the author should be mentioned,
> > but no copyright statement may be included; in fact, a copyright
> > disclaimer may be included along with the "placed in the public domain"
> > statement);
> 
> Well, copyright statement is just saying "Hey, I did it, I have my rights
> on it and can exercise those" --

A copyright statement says "I have my rights on it and can exercise
those".  It does not say "I did it" (copyright could also have been
transferred to the person/entity).

> but right after you release it in the "public domain".

I have no idea what you mean by this.

My point was that "public domain" and "copyrighted work" are mutually
exclusive.  So one can't meaningfully include both a copyright and a
public domain statement on a file.

> I don't consider files with missing statements as PD -- they're "All rights
> reserved" in most countries.

Correct.

> > - a relaxed license compatible with GNU GPL v2+, but also allowing for
> > proprietary derivative works - e.g., the license I use for popa3d or
> > Matthew Kwan's micro-license found in nonstd.c in JtR;
> 
> Yes -- I considered those free already (snippet from current debian/copyright):
...

Great.

I mentioned nonstd.c to illustrate a suitable relaxed micro-license for
contributed code in general.  I'd be happy if all contributions, short
of those placed in the public domain (which I like best), were licensed
like that.

> > - dual-license: "GNU GPL v2 or later"
> 
> This is because JtR is itself under GPL-2+, I suppose.

Right now, JtR is GPL v2 only - but I want to retain the right to
"upgrade" to "GPL v2 or later" or to GPL v3 or to a later version (if
available at the time) if I choose to do so in the future.

> > or a specific permissive license allowing for proprietary derivative works at
> > the user's discretion;
> 
> Clear.

I quoted the above paragraph to not leave the "dual-license" quote out
of context (otherwise, someone could think of "dual-license" as
referring merely to different versions of the GPL, whereas it is
referring to "GPLv2+ or a permissive ...").

> As you might have seen, the mails I sent generally lacked any statement. So,
> let the authors decide the license they want -- if they choose BSD, I'll push
> them towards BSD-2, if they choose a JtR-incompatible (yet free) license, I'll
> warn them about the patches not being included upstream, and so forth.

OK.  I think most authors did not care about placing their code under a
specific license, so it makes sense to suggest to them what licenses
work best not only for Debian but also for inclusion upstream.  That way,
we'll avoid having them pick a "random" license at first, then have to
re-license should I want to consider the code for inclusion later.

You have essentially started to do it by including a reference to my
first posting on this in your e-mails.  Thank you!

> > I previously touched on this issue in the following posting:
> > 
> > http://www.openwall.com/lists/john-users/2007/03/19/4
> 
> Regarding the OpenSSL issue, ...

I think you misunderstood me on this.  My reference to OpenSSL in that
posting was not in connection with licensing.

> As far as I understand your requirements though, and the OpenSSL license [0],
> probably point 3 is failing your "must not have specific requirements for
> attribution" wish. Correct me if I'm wrong (I'm not a lawyer, after all).

Currently, I include this in the JtR Pro license:

"Some builds of John the Ripper Pro are statically linked against the
SHA-1 code from OpenSSL libcrypto, by Eric Young and others."

I hope this is sufficient.  As to the very specific attribution text
required by the OpenSSL license, I think it is actually inconsistent
with different specific text found in the SSLeay license.  Although the
OpenSSL license also includes the "Original SSLeay License", I find it
weird that it does not require those using OpenSSL in a product to use
the attribution required by SSLeay.  This is understandable, as the old
attribution would no longer be 100% correct, but I think it highlights a
problem with those specific attribution requirements.

Disclaimer: IANAL.

> Thank you for your mail. I'll point to it in further mails to add-on authors :-)

Thank you!

Alexander



HTTP Digest auth module for JtR, copyright issues

2009-01-18 Thread David Paleino
Hello,
I'm writing to you because you wrote the module in subject. Trying to include
the patch for this module into the Debian package for john, I encountered some
issues:

 1) no copyright years are given.
Since a patch cannot convey timestamps information, I cannot infer those
from anywhere. Please provide one or more years, or a range;

 2) no licensing statement is made.
Please choose a DFSG-free license to ease inclusion into Debian. Also, you
might want to ask for inclusion upstream, and that has additional
requirements:

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
Also Public Domain is fine, but please clearly state it.

  3) I suppose you're the copyright holder for doc/HDAA_README as well, but I
  cannot include it until I'm sure. So please clearly state this as well.

Please remember to keep the list CCed, so that we can have a public record of
our mailing.

Kindly,
David Paleino

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Releasing to Public Domain (was: Re: JtR add-on licenses)

2009-01-18 Thread David Paleino
(CCing debian-legal, so that they could give advice. Full thread at

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
)

On Sun, 18 Jan 2009 20:40:11 +0300, Solar Designer wrote:

> On Sun, Jan 18, 2009 at 06:03:07PM +0100, David Paleino wrote:
> > However, I was planning the release of 1.7.3.1 in Debian and... luckily I
> > marked my debian/copyright with big TODO marks, we avoided a sure REJECT ;)
> 
> Well, I think you could include 1.7.3.1 in Debian without the patches
> initially.  You don't have to apply them.

Sure I could. But then I would forget about them, and after some months I'd say
"wtf are these patches here? rm -rf debian/patches/*!" ;-)

(trust me, no one knows me better than myself.)

> I wrote:
> 
> > > The possibilities for contributed code, to be considered for inclusion,
> > > appear to be:
> > > 
> > > - public domain statement (in this case, the author should be mentioned,
> > > but no copyright statement may be included; in fact, a copyright
> > > disclaimer may be included along with the "placed in the public domain"
> > > statement);
> > 
> > Well, copyright statement is just saying "Hey, I did it, I have my rights
> > on it and can exercise those" --
> 
> A copyright statement says "I have my rights on it and can exercise
> those".  It does not say "I did it" (copyright could also have been
> transferred to the person/entity).

Yes, sorry, I meant that.

> > but right after you release it in the "public domain".
> 
> I have no idea what you mean by this.
> 
> My point was that "public domain" and "copyrighted work" are mutually
> exclusive.  So one can't meaningfully include both a copyright and a
> public domain statement on a file.

I meant something like:

/*
 * Copyright © , Foo Bar 
 * This work is hereby released to Public Domain
 */

That is: with the first line you state your rights over the code, and with the
second you exercise those by deliberately losing them. debian-legal: am I
totally wrong? (IANAL.)

> [..]

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



JtR core files: copyright issues

2009-01-18 Thread David Paleino
Hello Alex,
finally came to the end of my debian/copyright! :-)
Here are some issues I found:

src/x86-64.S:
  - you state that some functions are based on nonstd.c, others on sboxes.c
(both by Matthew Kwan), but don't clearly give a licensing statement.
That's your code, your choice to release it under GPLv2 or Matthew-Kwan's
micro-license.

src/x86-mmx.S
src/x86-sse.S:
  - same issue as src/x86-64.S
  - missing copyright years for authors other than you ;-)

Also, it would be great if I added mail contacts for Matthew Kwan, Bruce Ford
and Rémi Guyomarch, all cited in the copyright headers. I haven't googled for
them yet, but I had to send you this mail for the licensing issues.

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: Lotus5 module for JtR, copyright issues

2009-01-18 Thread bartavelle
David Paleino wrote:
> Hello,

Hi,

> I wanted to integrate the Lotus5 module into the Debian package of
> john. Some issues were encountered in src/lotus5_fmt.c, and I'm writing you
> because that's the only contact available in the source code.
> 
> 1) Is Jeff Fay contactable in any way? A contact (preferably an e-mail address)
> would be great, but this is not a show-stopper to me (but I should ask
> debian-legal guys, to be sure)

I can't find any email from him in my mailbox. It seems that I never 
contacted him, but it was a while ago and I'm not sure anymore. If I did 
contact him, I googled contact information.

> 2) A copyright holder is missing for you, your real name would be best [0]

I'd rather use my pseudonym. It's not too hard to find my real name from 
this, just from the WHOIS records.

> 3) A licensing statement is missing at all. Could you please choose a DFSG-free
> license? Common are GPL, BSD and MIT/X11 (there are many others), but also
> Public Domain is fine.

I'm not the original author of this, so I would not presume on his 
intentions. However, as JtR is GPLv2, I'd say that all patches are 
implicitly GPLv2. You might want to contact debian-legal for an endless 
argument on this subject :)

> Please keep the list CCed, so that we have a public record of our mailing.
> 
> Kindly,
> David Paleino
> 
> [0] this issue also popped up in various other modules where you are listed in
> the source files:
>   src/rawMD5go_fmt.c
>   src/rawSHA1_fmt.c
>   src/NSLDAP_fmt.c
>   src/OPENLDAPS_fmt.c
> I won't ping you regarding *this* issue on those files, but you can
> probably show up in the CC lists.




Re: MD5 for JtR, copyright issues

2009-01-18 Thread bartavelle
David Paleino wrote:
> (please keep the list CCed)
> 
> Hello David, Balázs, bartavelle,
> I'm integrating some patches into Debian's package of john. Let me expose
> different issues I encountered in this mail :-)

> "Bartavelle", Balázs Bucsay and David Luyer:
> src/rawMD5go_fmt.c
>   this file is missing copyright years (see above), apart from bartavelle (©
>   2004). It is also missing any licensing statement - please choose a DFSG-free
>   license (common are GPL, BSD or MIT/X11, but there are many others out
>   there) -- also Public Domain is fine.
>   Another "issue" is about the copyright holder for "bartavelle", I've already
>   contacted him/her for this separately (other files involved).

I'd say GPLv2, just like the main JtR code. As it was not explicitly 
mentioned, it would be nice to have the other contributors' opinion on this.


Re: Lotus5 module for JtR, copyright issues

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 18:54:30 +0100, bartavelle wrote:

> David Paleino wrote:
> > Hello,
> 
> Hi,

Thank you for your fast reply.

> > I wanted to integrate the Lotus5 module into the Debian package of
> > john. Some issues were encountered in src/lotus5_fmt.c, and I'm writing you
> > because that's the only contact available in the source code.
> > 
> > 1) Is Jeff Fay contactable in any way? A contact (preferably an e-mail
> > address) would be great, but this is not a show-stopper to me (but I should
> > ask debian-legal guys, to be sure)
> 
> I can't find any email from him in my mailbox. It seems that I never 
> contacted him, but it was a while ago and I'm not sure anymore. If I did 
> contact him, I googled contact information.

Ok, I'll try myself, then.

> > 2) A copyright holder is missing for you, your real name would be best [0]
> 
> I'd rather use my pseudonym. It's not too hard to find my real name from 
> this, just from the WHOIS records.

Yes, but didn't want to disclose it :-)
Ok then, I will use the pseudonym. Even though I'm not really sure if that's
acceptable in court.

> > 3) A licensing statement is missing at all. Could you please choose a
> > DFSG-free license? Common are GPL, BSD and MIT/X11 (there are many others),
> > but also Public Domain is fine.
> 
> I'm not the original author of this, so I would not presume on his 
> intentions.

That's why I asked you his e-mail address.

> However, as JtR is GPLv2, I'd say that all patches are implicitly GPLv2. You
> might want to contact debian-legal for an endless argument on this subject :)

Heh, not really. I'm not talking about the copyright of the patch itself (you
might patch different files, each differently licensed), but about the
copyright of newly created files (which is common when adding new formats to
JtR), and that's not influenced by JtR copyright -- I already have patches
creating files in the Public Domain.

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: SHA1 module for JtR, copyright issues

2009-01-18 Thread bartavelle
David Paleino wrote:
> Hello,
> apart from the "Real Name"/"Copyright Holder" issue, I'm missing a copyright
> statement for src/rawSHA1_fmt.c .
> Please choose a DFSG-free license, and also keep an eye on [0] if you want your
> module be included in JtR upstream.
> 
> [0]
> http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
> 
> Also, src/sha.h is missing both a copyright statement and an author/copyright
> holder. You're not listed there, but this file seems coming from the same patch
> as src/rawSHA1_fmt.c. Do you know how can I contact its author? (or is it you?)

Argh! Debian technicalities at its finest :) I do not really care about 
the license attached to my "work". Most of it is just copy and paste 
from the main program, with some small changes. Anyway:
* I'm the original "author" of sha.h
* I'd like stuff I wrote to be GPLv2, and I'd grant a less restrictive 
license to Solar in case he wants this upstream. I won't elaborate too 
much on this, as I think it is highly unlikely.



Re: KRB5 implementation for JtR, free license

2009-01-18 Thread David Paleino
Hello,
thanks for your quick reply.

On Sun, 18 Jan 2009 12:54:52 -0500, Nasko Oskov wrote:

> On Sun, Jan 18, 2009 at 04:58:01PM +0100, David Paleino wrote:
> > If you wish the patch to be added to the official Debian package, please
> > consider licensing the code under a DFSG-free license, such as GPL, BSD or
> > MIT/X11 (there are many others, though).
> > 
> > As far as I can see from http://www.h5l.org/ , the latest Heimdal releases
> > are released under BSD-3. Another option would then be rewriting the
> > "plugin" basing from a BSD-3-licensed version of Heimdal.
> 
> I would not mind the patch being added to Debian. Feel free to modify
> the header to indicate that I'm licensing the code under the BSD
> license.
> Let me know if you have other questions or anything is required of me.

The original author stated that BSD-3 is not acceptable for inclusion into
upstream code. Do you wish to license it under BSD-2?

For more information:

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html

By the way, it seems like you're not the copyright holder for KRB5_fmt.c,
that's what I meant with:

On Sun, Jan 18, 2009 at 04:58:01PM +0100, David Paleino wrote:
> [..] you're listed as the author in src/KRB5_fmt.c (the copyright holder is
> not a "human", but I believe you could have contacts there).

Not being the copyright holder, you cannot really exercise any right on the
code:

 *  Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
 *  (Royal Institute of Technology, Stockholm, Sweden).
 *  All rights reserved.

Do you work there? Any chance I can get an official mail from there? I suppose
those copyright lines come from older Heimdal sources, that's why I suggested
rewriting the module using newer BSD-3-licensed sources.

Again, thank you for your promptness,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: NSLDAP/OPENLDAPS modules for JtR, copyright issues

2009-01-18 Thread bartavelle
David Paleino wrote:
> Bartavelle, those files are also missing copyright years for you (and the usual
> "Copyright holder"-issue).

Hello,

I don't have the CVS for these files anymore, so let's say it's from 
2007 for me.



Re: SHA1 module for JtR, copyright issues

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 19:08:52 +0100, bartavelle wrote:

> David Paleino wrote:
> > Also, src/sha.h is missing both a copyright statement and an
> > author/copyright holder. You're not listed there, but this file seems
> > coming from the same patch as src/rawSHA1_fmt.c. Do you know how can I
> > contact its author? (or is it you?)
> 
> Argh! Debian technicalities at its finest :)

Heh, we don't want 1.7.3.1 being REJECTed by ftpmasters ;-)

(though I believe they'll have some headache reading my debian/copyright)

> I do not really care about the license attached to my "work". Most of it is
> just copy and paste from the main program, with some small changes. Anyway:
> * I'm the original "author" of sha.h

Great.

> * I'd like stuff I wrote to be GPLv2, and I'd grant a less restrictive 
> license to Solar in case he wants this upstream. I won't elaborate too 
> much on this, as I think it is highly unlikely.

Why? Personal conflicts with Solar? ;)

Anyhow, you could want to use something like:

 * This software may be modified, redistributed, and used for any purpose,
 * so long as its origin is acknowledged.

(see src/nonstd.c)

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: SHA1 module for JtR, copyright issues

2009-01-18 Thread bartavelle
David Paleino wrote:
>> * I'd like stuff I wrote to be GPLv2, and I'd grant a less restrictive 
>> license to Solar in case he wants this upstream. I won't elaborate too 
>> much on this, as I think it is highly unlikely.
> 
> Why? Personal conflicts with Solar? ;)

Most of my production is quite bad, and should be considered as ugly 
PoCs. I believe that no proper developer would want my source code in 
his official tree.

> Anyhow, you could want to use something like:
> 
>  * This software may be modified, redistributed, and used for any purpose,
>  * so long as its origin is acknowledged.

This license perfectly suits me. Please disregard any other comments I 
made on this subject, and prefer this license to any contribution I 
made. Thanks!



HTTP Digest auth module for JtR, copyright issues

2009-01-18 Thread Romain Raboin
> Hello,
> I'm writing to you because you wrote the module in subject. Trying to include
> the patch for this module into the Debian package for john, I encountered some
> issues:
>  1) no copyright years are given.
>     Since a patch cannot convey timestamps information, I cannot infer those
>     from anywhere. Please provide one or more years, or a range;
I wrote this patch during July / August 2008


>  2) no licensing statement is made.
>     Please choose a DFSG-free license to ease inclusion into Debian. Also, you
>     might want to ask for inclusion upstream, and that has additional
>     requirements:
>
>     http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
>     Also Public Domain is fine, but please clearly state it.

All my work about password cracking was released under GPL license.


>  3) I suppose you're the copyright holder for doc/HDAA_README as well, but I
>     cannot include it until I'm sure. So please clearly state this as well.

Yes I wrote doc/HDAA_README. You can find my work here :
http://syscall.eu/romain/


> Please remember to keep the list CCed, so that we can have a public record of
> our mailing.

Done.

-- 
Romain Raboin



Re: HTTP Digest auth module for JtR, copyright issues

2009-01-18 Thread David Paleino
On Sun, 18 Jan 2009 20:40:10 +0100, Romain Raboin wrote:

> > Hello,
> > I'm writing to you because you wrote the module in subject. Trying to
> > include the patch for this module into the Debian package for john, I
> > encountered some issues:
> >  1) no copyright years are given.
> >     Since a patch cannot convey timestamps information, I cannot infer those
> >     from anywhere. Please provide one or more years, or a range;
> 
> I wrote this patch during July / August 2008

Thanks for the information.

> >  2) no licensing statement is made.
> >     Please choose a DFSG-free license to ease inclusion into Debian. Also,
> >     you might want to ask for inclusion upstream, and that has additional
> >     requirements:
> >
> >     http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
> >     Also Public Domain is fine, but please clearly state it.
> 
> All my work about password cracking was released under GPL license.

Is "GPLv2 or later" ok to you? (that's to ensure inclusion in upstream code)

Thank you for your prompt reply.

Kindly,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174



Re: HTTP Digest auth module for JtR, copyright issues

2009-01-18 Thread Romain Raboin
>
> Is "GPLv2 or later" ok to you? (that's to ensure inclusion in upstream code)

It's OK.


>
> Thank you for your prompt reply.


-- 
Romain Raboin



Re: MD5-Apache module for JtR, copyright issues

2009-01-18 Thread Kostas Evangelinos
| I'm writing to you because you're listed as the copyright holders for
| src/MD5_apache_fmt.c. Trying to include it in the official Debian package, I
| found that the file does not carry any licensing statement.
| 
| Please choose a DFSG-free license -- you might also want to keep an eye on
|   http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html
| if you want your module to be included upstream.

Please use GPLv2 or later.

Kostas



Re: NSLDAP/OPENLDAPS modules for JtR, copyright issues

2009-01-18 Thread Sun-Zero
hi,

David Paleino wrote:
> Hello,
> I'm writing to you because you're listed as copyright holder in
> src/NSLDAP_fmt.c and src/OPENLDAP_fmt.c .

I made (as I remember) NSLDAP_fmt.c from this patch:
# Netscape LDAP SHA, SSHA passwords support for 1.6, by K Evangelinos
So, it's under the licence of the original patch.

Where can I find the OPENLDAP_fmt.c?


[...]

> Also, I'm missing licensing and copyright statements for src/base64.c and
> src/base.h . Since those seem like coming from the same patches, do you know
> who their authors are? Are those yourselves? If so, please clearly state it
> (full statement, copyright years, copyright holders and preferably an e-mail
> contact)

They are also found in K Evangelinos' Netscape LDAP SHA, SSHA passwords
support for 1.6 patch.


best regards,
SZ



Re: MD5 for JtR, copyright issues

2009-01-18 Thread Bucsay Balázs
Hello!

First of all, thank you for your mail.
I made the improvements last year, so you can write 2008.
I think the license behove to bartavelle first, by the way GPLv2 would
be good for me too.

Balázs Bucsay


David Paleino wrote:
> (please keep the list CCed)
> 
> Hello David, Balázs, bartavelle,
> I'm integrating some patches into Debian's package of john. Let me expose
> different issues I encountered in this mail :-)
> 
> David Luyer and Balázs Bucsay:
> src/md5_eq.c
>   missing copyright years. Since a patch doesn't have the ability to carry
>   timestamps, I cannot infer those from anywhere. Please provide one, two or
>   more, or a range of years.
> 
> David Luyer:
> src/md5_go.c
> src/md5_go.h
>   these files are missing copyright years as well. David? :-)
> 
> "Bartavelle", Balázs Bucsay and David Luyer:
> src/rawMD5go_fmt.c
>   this file is missing copyright years (see above), apart from bartavelle (©
>   2004). It is also missing any licensing statement - please choose a DFSG-free
>   license (common are GPL, BSD or MIT/X11, but there are many others out
>   there) -- also Public Domain is fine.
>   Another "issue" is about the copyright holder for "bartavelle", I've already
>   contacted him/her for this separately (other files involved).
> 
> 
> Please reply with your decisions on-list (no need to CC me), I'll use them as
> pointers for debian/copyright or an eventual additional file explaining why I
> won't add the "X" patch to the package.
> 
> Kindly,
> David Paleino
> 



Re: HTTP Digest auth module for JtR, copyright issues

2009-01-18 Thread Solar Designer
David,

On Sun, Jan 18, 2009 at 08:46:09PM +0100, David Paleino wrote:
> Is "GPLv2 or later" ok to you? (that's to ensure inclusion in upstream code)

No license choice can "ensure" inclusion, it can merely "allow" for
inclusion.  OK, I am nitpicking.

More importantly, "GPLv2 or later" is not sufficient to allow for
inclusion upstream, as I explained in my posting:

http://lists.alioth.debian.org/pipermail/pkg-john-devel/2009-January/000232.html

Maybe I did not express it clearly enough...

By "dual-license" I definitely did not mean just the "v2 or later" thing,
I meant "GPL or something more permissive at the user's discretion" -
that is, besides GPL there has to be a more permissive license allowing
for proprietary derived works.

In a follow-up posting, I mentioned that I'd be happy if all
contributions, short of those placed in the public domain (which I like
best), were licensed under the micro-license found in nonstd.c:

 * This software may be modified, redistributed, and used for any purpose,
 * so long as its origin is acknowledged.

For the nitpickers, let's extend the suggested license to:

This software may be redistributed and used in source and binary forms,
with or without modification, so long as its origin is acknowledged.

This suggested wording resembles that of 2-clause BSD more closely, yet
it replaces the 2 clauses requiring specific attribution with the more
permissive wording from Matthew Kwan's micro-license.

Matthew Kwan's original wording, quoted above, has the same issue that
the ISC license does, where one might claim that redistribution of
modified versions was not permitted.  See:

http://www.fsf.org/licensing/licenses/#ISC

Alexander



Re: SHA1 module for JtR, copyright issues

2009-01-18 Thread Solar Designer
On Sun, Jan 18, 2009 at 07:21:22PM +0100, bartavelle wrote:
> Most of my production is quite bad, and should be considered as ugly 
> PoCs. I believe that no proper developer would want my source code in 
> his official tree.

There are several reasons why I care about licensing terms for your code
anyway:

- I am redistributing the patches off of Openwall's website and FTP
mirrors, and having no license at all might not give me this right;

- various packagers of JtR, including Debian, apply and redistribute
builds of JtR with those patches;

- there's potential for a "community branch" of JtR, which I and/or
others might start to maintain - and such code would be acceptable there
(hopefully, to be cleaned up somewhat with subsequent commits);

- the code is potentially of interest for the official JtR as well - not
as-is, but rather as "documentation" of the crypto transformations, a
set of tried and working optimization hints, etc. - if I produce cleaner
code while looking at yours, I might end up matching some portions of
your code quite closely - and for that a compatible license would help
avoid any speculations about the new code being derived from yours and
illegally re-licensed.

Thanks,

Alexander



Re: JtR core files: copyright issues

2009-01-18 Thread Solar Designer
On Sun, Jan 18, 2009 at 06:58:44PM +0100, David Paleino wrote:
> src/x86-64.S:
>   - you state that some functions are based on nonstd.c, others on sboxes.c
> (both by Matthew Kwan), but don't clearly give a licensing statement.
> That's your code, your choice to release it under GPLv2 or Matthew-Kwan's
> micro-license.

Since I don't give a license specifically in that file, it is currently
being licensed under GPLv2 along with the rest of JtR.  Yes, I could
have used Matthew Kwan's micro-license, but I did not.  As you know,
GPLv2 is compatible with it (but far more restrictive), so this
transition is OK.  I see no need to mention the license in that source
file explicitly.

Also, I don't think that I am bound by Matthew Kwan's micro-license
here, as all that I really used was optimized S-box expressions, not
code.  I doubt that optimized versions of boolean expressions,
originally derived from tables in the DES specification, are subject to
copyright at all.  But I am not a lawyer, and luckily this does not
matter this time.

> src/x86-mmx.S
> src/x86-sse.S:
>   - same issue as src/x86-64.S

Same answer.

>   - missing copyright years for authors other than you ;-)

Well, the file I got this from was sboxes-mmx.cpp in a distributed.net
DES client.  It had:

// MMX implementation of Kwan's sboxes
//
// Bruce Ford 
// Rémi Guyomarch 
//

//
// $Log: sboxes-mmx.cpp,v $
// Revision 1.5  1998/11/16 15:39:50  remi
// Deleted older sboxes.
//
// Revision 1.4  1998/09/28 22:09:23  remi
// Cleared 3 warnings.
//
// Revision 1.3  1998/07/12 05:29:16  fordbr
// Replaced sboxes 1, 2 and 7 with Kwan versions
// Now 1876 kkeys/s on a P5-200MMX
//
// Revision 1.2  1998/07/08 23:42:28  remi
// Added support for CliIdentifyModules().
//
// Revision 1.1  1998/07/08 15:43:52  remi
// First integration of the MMX bitslicer.

(I've obfuscated the e-mail addresses in the quote above, although as
far as I'm aware they're non-working anyway.)

So this is 1998, but frankly I am not 100% sure they are the copyright
holders.  As you can see, there was no copyright statement in that
source file.  Maybe there was one on the DES client as a whole, but I'm
not sure I can locate a copy of it now (it does not appear to be
available for download anymore).  Since I doubt that Bruce and Remi ever
transferred their copyright to anyone, such as to distributed.net,
I just assumed that they remained the copyright holders.

I had explicit permission from them to include the code in JtR.

> Also, it would be great if I added mail contacts for Matthew Kwan,

You can find Matthew's e-mail address here:

http://www.darkside.com.au/bitslice/

> Bruce Ford and Rémi Guyomarch

Unfortunately, I completely lost contact with them around Y2K, when I
wanted to transform the "explicit permission" into a specific license.
This bothers me too.  If you manage to contact one or both of them,
please do let me know!

Thanks,

Alexander


revisions of patches to use (was: Releasing to Public Domain)

2009-01-18 Thread Solar Designer
David,

On Sun, Jan 18, 2009 at 06:51:55PM +0100, David Paleino wrote:
> On Sun, 18 Jan 2009 20:40:11 +0300, Solar Designer wrote:
> > Well, I think you could include 1.7.3.1 in Debian without the patches
> > initially.  You don't have to apply them.
> 
> Sure I could. But then I would forget about them, and after some months I'd say
> "wtf are these patches here? rm -rf debian/patches/*!" ;-)
> 
> (trust me, no one knows me better than myself.)

OK.  Please make sure that you're using nothing older than
john-1.7.3.1-all-5.diff.gz for the patches now.  I fixed plenty of bugs
in contributed code by this revision of the jumbo patch, compared to
patches available separately (or in the contributors' trees or as part
of older revisions of the jumbo patch).

In fact, I am aware of more bugs to fix in that code...  I just haven't
had time to work on another revision of the jumbo patch since then.

Alexander



Re: MD5 for JtR, copyright issues

2009-01-18 Thread David Luyer
G'day,

For any and all contributions I have made to JtR, please consider
these contributions to be licensed under GPL version 2 as of the
date of the submission of the patches to the JtR email list, which
for the mentioned files was 2005.

Thanks,
David.


> Hello!
>
> First of all, thank you for your mail.
> I made the improvements last year, so you can write 2008.
> I think the license behove to bartavelle first, by the way GPLv2 would
> be good for me too.
>
> Balázs Bucsay
>
>
> David Paleino wrote:
>> (please keep the list CCed)
>>
>> Hello David, Balázs, bartavelle,
>> I'm integrating some patches into Debian's package of john. Let me expose
>> different issues I encountered in this mail :-)
>>
>> David Luyer and Balázs Bucsay:
>> src/md5_eq.c
>>   missing copyright years. Since a patch doesn't have the ability to carry
>>   timestamps, I cannot infer those from anywhere. Please provide one, two or
>>   more, or a range of years.
>>
>> David Luyer:
>> src/md5_go.c
>> src/md5_go.h
>>   these files are missing copyright years as well. David? :-)
>>
>> "Bartavelle", Balázs Bucsay and David Luyer:
>> src/rawMD5go_fmt.c
>>   this file is missing copyright years (see above), apart from bartavelle (©
>>   2004). It is also missing any licensing statement - please choose a DFSG-free
>>   license (common are GPL, BSD or MIT/X11, but there are many others out
>>   there) -- also Public Domain is fine.
>>   Another "issue" is about the copyright holder for "bartavelle", I've already
>>   contacted him/her for this separately (other files involved).
>>
>>
>> Please reply with your decisions on-list (no need to CC me), I'll use them as
>> pointers for debian/copyright or an eventual additional file explaining why I
>> won't add the "X" patch to the package.
>>
>> Kindly,
>> David Paleino
>>
>
>


