
Date: Wed, 07 Oct 2020 20:35:38 -0400
Subject: license unclarity
To: krb5-bugs@mit.edu
From: "Greg Troxel" <gdt@lexort.com>

In pkgsrc, we do not have a LICENSE= statement about MIT Kerberos. I
went to figure out what license applied and found:

In the AES section of NOTICE

The free distribution and use of this software in both source and
binary form is allowed (with or without changes) provided that:

This appears to prohibit distribution for a fee, perhaps even precluding
inclusion on a CDROM sold for $10.

Is that intended?


So this bug report is one of:

Kerberos is non-Free but this is not clearly stated up front as a
summary in NOTICE.

The text in NOTICE about AES isn't right.

something else complicated I didn't express, but that likely others
will get wrong too.


Thanks,
Greg

I think "free distribution and use" was intended to mean (approximately) "you can freely use and distribute the software" and not "you can distribute the software if you don't charge for it".

I see that Gladman's current AES code has a license starting with reworded text:

> The redistribution and use of this software (with or without changes)
> is allowed without the payment of fees or royalties provided that:

which I guess could still be said to have unclear applicability of "without the payment or fees or royalties".  But maybe it's a bit clearer.  I can look into updating the code and license.

MIT krb5 can be compiled with the OpenSSL crypto back-end if you want to avoid building the Gladman AES code.  I believe Fedora does this, so it's pretty well exercised.

From: "Greg Troxel" <gdt@lexort.com>
Subject: Re: [krbdev.mit.edu #8954] license unclarity
Date: Thu, 08 Oct 2020 15:48:18 -0400
To: "Greg Hudson via RT" <rt@krbdev.mit.edu>

"Greg Hudson via RT" <rt@krbdev.mit.edu> writes:

> I think "free distribution and use" was intended to mean (approximately) "you
> can freely use and distribute the software" and not "you can distribute the
> software if you don't charge for it".

Thanks. I didn't realize that. The text as it stands is uncomfortable.

> I see that Gladman's current AES code has a license starting with reworded
> text:
>
>> The redistribution and use of this software (with or without changes)
>> is allowed without the payment of fees or royalties provided that:
>
> which I guess could still be said to have unclear applicability of "without the
> payment or fees or royalties". But maybe it's a bit clearer. I can look into
> updating the code and license.

That's vastly clearer, or at least aligned with normal language. If
you are able to get the language updated (I know that can be hard), that
would be great.

> MIT krb5 can be compiled with the OpenSSL crypto back-end if you want to avoid
> building the Gladman AES code. I believe Fedora does this, so it's pretty well
> exercised.

I don't have any desire to depart from upstream defaults. I just
updated from 1.18 to 1.18.2 and ran our lint program which told me that
we don't set a license tag, so I read it, and then my head hurt.


As an aside, if there were some consolidation of licensing, or at least
a summary in NOTICE of the license flavors, that would help people to
more rapidly understand that this qualifies overall as non-copyleft Free
Software, that is some blend of X11 license, 3-clause BSD, 4-clause BSD,
and others that are similar enough that if you are ok with those three,
you won't mind. At least that was my sense from a too-quick read.

Thanks,
Greg

From: ghudson@mit.edu
Subject: git commit

Update Gladman AES code

Update lib/crypto/builtin/aes to commit
8798ad829374cd5ff312f55ba3ccccfcf586fa11 of
https://github.com/BrianGladman/aes .

The following changes are made to the upstream code:

* In aes.h, #defines are added to give the linker-visible symbols a
prefix.

* In aes.h, AES_192 is undefined, since we only need AES-128 and
AES-256.

* In aesopt.h, USE_INTEL_AES_IF_PRESENT and USE_VIA_ACE_IF_PRESENT are
suppressed by changing the corresponding "#if 1"s to "#if 0"s.

* In aesopt.h, the conditionals for ENC_UNROLL, DEC_UNROLL, ENC_ROUND,
LAST_ENC_ROUND, DEC_ROUND, LAST_DEC_ROUND, and KEY_SCHED are changed
from "#if 1" to "#if !defined(CONFIG_SMALL) ||
defined(CONFIG_SMALL_NO_CRYPTO)".

bigredbutton: whitespace

https://github.com/krb5/krb5/commit/cb5f190056ef4d123c5fe5d4923982b830288438
Author: Greg Hudson <ghudson@mit.edu>
Commit: cb5f190056ef4d123c5fe5d4923982b830288438
Branch: master
NOTICE | 31 +-
doc/notice.rst | 29 +-
src/lib/crypto/builtin/aes/Makefile.in | 1 +
src/lib/crypto/builtin/aes/aes-gen.c | 61 +-
src/lib/crypto/builtin/aes/aes.h | 343 ++++++--
src/lib/crypto/builtin/aes/aes.txt | 662 ++++++++++++++--
src/lib/crypto/builtin/aes/aescpp.h | 55 --
src/lib/crypto/builtin/aes/aescrypp.c | 488 -----------
src/lib/crypto/builtin/aes/aescrypt.asm | 402 ---------
src/lib/crypto/builtin/aes/aescrypt.c | 507 +++++-------
src/lib/crypto/builtin/aes/aeskey.c | 753 +++++++++++-------
src/lib/crypto/builtin/aes/aeskeypp.c | 400 ---------
src/lib/crypto/builtin/aes/aesopt.h | 1138 ++++++++++++--------------
src/lib/crypto/builtin/aes/aessrc.url | 1 -
src/lib/crypto/builtin/aes/aestab.c | 445 +++++------
src/lib/crypto/builtin/aes/aestab.h | 173 ++++
src/lib/crypto/builtin/aes/brg_endian.h | 144 ++++
src/lib/crypto/builtin/aes/brg_types.h | 217 +++++
src/lib/crypto/builtin/aes/deps | 12 +-
src/lib/crypto/builtin/aes/kresults.expected | 223 +++++
src/lib/crypto/builtin/enc_provider/aes.c | 92 ++-
src/lib/crypto/krb/crypto_int.h | 6 +-
src/lib/crypto/krb/prng_fortuna.c | 8 +-
src/lib/crypto/libk5crypto.exports | 4 +-
src/lib/crypto/openssl/crypto_mod.h | 6 +-
src/lib/crypto/openssl/stubs.c | 8 +-
26 files changed, 3149 insertions(+), 3060 deletions(-)