Hash: SHA1

On Wednesday, May 16, 2012 10:37:02 AM Kevan Miller wrote:
> On May 11, 2012, at 3:17 PM, Josh Thompson wrote:
> >
> > Kevan,
> >
> > Ugh.  Thanks for looking at this.  I guess it goes to show you can't just
> > trust that another project that says it is MIT licensed is *completely*
> > MIT
> > licensed.  :(  I'll figure out a way to deal with it.  If it works out
> > that
> > bcpowmod.php and str_split.php are not actually needed, can I just remove
> > them?  If so, do I need to document that modification somewhere?
> BTW, vcl/trunk/web/.ht-inc/phpseclib/index.html refers to PHP Secure
> Communications Library as LGPL-licensed. Which is contradicted by
> http://phpseclib.sourceforge.net/
> It looks like our documentation comes from
> http://phpseclib.sourceforge.net/documentation/ -- I'd check with the
> phpseclib project. Seems to be their reference to LGPL is unintended or
> inconsistent. bcpowmod.php's LGPL license would seem to be a problem with
> this, however…
> --kevan

After looking further, there are only two files (AES.php and Rijndael.php)
needed from the phpseclib project, and both of them appear as though they were
written to be able to be included by themselves (i.e. each one contains
information about the author, the project, and the license).  Both files state
that they are MIT licensed and contain that license in them.  Is it normal to
just pull in specific files from another project, or is it better to include
the whole project?

My only other experience in including another open source project in one I
work on is from including the Dojo Toolkit with VCL.  In that case, it seemed
to make the most sense to include the whole thing.

License wise, it seems simplest to just include the two files in the release,
but I just want to make sure we do the right thing in respecting other open
source projects.

- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
Version: GnuPG v2.0.17 (GNU/Linux)


Reply via email to