Skip Menu |
 

From danw@ximian.com Thu Dec 13 14:29:54 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id OAA09773
for <bugs@RT-11.mit.edu>; Thu, 13 Dec 2001 14:29:54 -0500 (EST)
Received: from twelve-monkeys.ximian.com (twelve-monkeys.ximian.com [141.154.95.34])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id OAA23250
for <krb5-bugs@mit.edu>; Thu, 13 Dec 2001 14:29:49 -0500 (EST)
Received: (from danw@localhost)
by twelve-monkeys.ximian.com (8.11.4/8.9.3) id fBDJTnJ28140;
Thu, 13 Dec 2001 14:29:49 -0500 (EST)
Message-Id: <200112131929.fBDJTnJ28140@twelve-monkeys.ximian.com>
Date: Thu, 13 Dec 2001 14:29:49 -0500 (EST)
From: danw@ximian.com
Reply-To: danw@ximian.com
To: krb5-bugs@mit.edu
Subject: non-MIT-style-licensed code in krb5 libs (Blame Canada!)
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 1026
>Category: krb5-libs
>Synopsis: non-MIT-style-licensed code in krb5 libs (Blame Canada!)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: doc-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 13 14:30:00 EST 2001
>Last-Modified:
>Originator: Dan Winship
>Organization:
Ximian, Inc.
Show quoted text
>Release: krb5-1.2.2
>Environment:

System: NetBSD twelve-monkeys.ximian.com 1.5X NetBSD 1.5X (GENERIC) #0: Tue Jul 31 20:12:29 EDT 2001 danw@twelve-monkeys.ximian.com:/usr/src/sys/arch/i386/compile/GENERIC i386


Show quoted text
>Description:

The krb5 README implies that (other than the OV bits), all of MIT krb5
is covered by an MIT-style license. The sources disagree:

* crypto/des/f_cbc.c, crypto/des/f_cksum.c,
crypto/des/f_sched.c, crypto/des/f_tables.c, and
des425/pcbc_encrypt.c all have a "you can't make commercial
products based on this code unless you make them available
in Canada" clause.

* crypto/md4/md4.c and crypto/md5/md5.c have a "you have to
say RSADSI if you say the name of the algorithm" clause.

* krb5/krb/strptime.c comes from NetBSD and thus has a
non-rescinded advertising clause. (Lots of other files,
particularly in krb5/posix, have the no-longer-active UCB
advertising clause, which is not a problem.)

* krb4/DNR.c says just "Copyright Apple Computer. All rights
reserved", which sounds to me like that means you can't
redistribute it at all.

* rpc/* can only be redistributed as part of something else,
not on its own.

That's just from the library code. I didn't look at the
tools/clients/servers.

Show quoted text
>How-To-Repeat:

Show quoted text
>Fix:
one or more of:

1) In your copious free time, reimplement all of the above code
2) Hunt down relevant parties, get them to sign copyright assignments
and/or relicense.
3) Change the README to indicate that some of the library code has
wacky terms. In particular, the first problem above makes it
potentially awkward to use MIT Kerberos in a commercial product
(and makes MIT Kerberos not Open Source[tm]). And IANAL, but I
think every single one of the problems mentioned above makes
it non-GPL-compatible.

Show quoted text
>Audit-Trail:
>Unformatted:
krb4/DNR.c is gone.

DES implementation has been generously donated to MIT by Dennis Ferguson. (see #6070)
Sun RPC is now 3-clause BSD-style. (see #6784)