Hello Nicholas, >That's ok, you don't need to find the original version. Remember >that >it's a fork and child relationship, Yes, I'm terribly sorry, I'm familiar with the fork-child relationship but I still found your analogy very helpful and concise, I might present it to my interns (if that's O.K), thanks a lot for the reminder. I was extremely tired when I wrote the last e-mail. In short, considering debian-legal's input, should I mention the NCSA copyright notice in debian/copyright for Files: htpasswd.c, adding a separate License: NCSA field to clarify the provenance of said source ? I will fix the /patches issues we discussed in a later commit and would also like to propose a mechanism for integrating PAM (Pluggable Authentication Modules) into mini-httpd. I am currently in the negotiation phase with my employer to grant an exception for this particular patch in order for it to be upstreamed into debian/patches (since, remember, we're the de-facto upstream here) and for my code to become GPL licensed). PAM support (which would be toggled via a Makefile parameter) could provide tangible improvements for the users of mini-httpd and might even increase the server's popularity. The AUTH mechanism in mini-httpd is arguably heavily antiquated and prone to DDos attacks, MitM, scalability issues, etc. PAM would also enable AAA solutions to interoperate with mini-httpd almost seamlessly (such as Radius, TACACS+) which is becoming increasingly relevant in today's SSO/IoT central trust-based use cases. >P.S. Please acknowledge: Have you read the DFSG yet, and do you >understand why it's important? Yes I have and yes I do, it is one of the main reasons I decided to start contributing to DebianWiki (and now mini-httpd) to begin with. :) >I confirm receipt of your mail, and I see an attached signature. >Where >can I download your public key? I'd like to ask you the same question, since I'd like to add your address to my keyring. I've read a bit of documentation which suggests using Ubuntu's HKP which seems a bit off-axis. I understand that the Debian Public Key Server is for DDs and DMs only (I am not yet a DM). I could perhaps use my DebianWiki personal page to link to my public key, but I do not know if that solution would be accepted or would sound absurd. I should find a better solution after some research. Stay safe and thanks for your time, Alexandru Mihail On Wed, 2023-07-05 at 21:01 -0400, Nicholas D Steeves wrote: > Hi Alexandru, > > Alexandru Mihail <alexandru.mihail2897@gmail.com> writes: > > > After yet some more software archaeology, I've uncovered some more > > rusty HTML 1.0 documents which are of interest to our dilemma. > > Apparently, NCSA HTTPd Acknowledgements as of 7-14-95 state: > > "Thanks to: > > Robert McCool > > For developing NCSA HTTPd till version 1.3 and this > > documentation." > > > > https://web.archive.org/web/20090416132804/http://hoohoo.ncsa.uiuc.edu/docs/acknowledgement.html > > > > This is the time Robert left the project and the date (and license > > release - 1.3) probably aligns best with the code we have in mini- > > httpd. After extensive googling, it seems to me that the original > > mini- > > httpd-1.0.0.tar.gz source is lost to time, or at least is buried > > beyond > > my reach. > > That's ok, you don't need to find the original version. Remember > that > it's a fork and child relationship, so anyone, today, can fork httpd > (1.1-1.3, 1.4-1.14, 1.15, etc.) under the license terms specific to a > particular release. So, for a hypothetical case where the file[s] in > question are identical for the following versions ..: > > 1.1-1.3: "Do what you want but only on continental landmasses" > license > || \\ > || \=Possible fork point. If discriminating against islanders > || is important, then fork from this point. > \/ > 1.4-1.14: "Non-commercial use only, except for fishermen" license > || \\ > || \=Possible fork point. If privileging fishermen and > || discriminate against everyone else is important, then > fork > || from this point. > \/ > 1.15: GPL3+ > \\ > \=Possible fork point. Only discriminates against those who > wish to keep their source private while also distributing > their > fork. Fork from this point if that's important. > > ...then if httpd 1.15 is older then mini-httpd 1.30, you must choose > 1.15. Meanwhile, Robert McCool's copyright still exists in 1.15 even > if > he hasn't made a contribution since 1.3. > > P.S. Please acknowledge: Have you read the DFSG yet, and do you > understand why it's important? > https://wiki.debian.org/DebianFreeSoftwareGuidelines > > > I transitioned all debian mail-related services to Google, and am > > using > > a good MUA now (PGP signing properly). (BTW, does everything look > > all > > right on your end?) > > I confirm receipt of your mail, and I see an attached signature. > Where > can I download your public key? > > > I've committed to salsa and uploaded to mentors a new .changes > > which > > reflects the change in Maintainer's E-Mail. Naturally, I changed > > the > > key and updated the changelog. > > Thanks! > > > Thanks and have a great day/night ! > > You too! :) > > > Regards, > Nicholas
Attachment:
signature.asc
Description: This is a digitally signed message part