License issue with freeswan (Eric Young's libdes)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
The reason why freeswan can currently not go into main is an issue with some
code license that is bundled with it. I am struggling with this for quite
some time now and at the moment I need some help to clarify it....
Freeswan (the user space daemon and the kernel module) needs Eric Young's
libdes to work. The freeswan code is mostly licensed under GPL, while libdes
has the advertising clause in it. However, quoting from the CREDITS file of
freeswan:
- ----------------------------------------------------------------------------------
The LIBDES library by Eric Young is used. It is not under the GPL -- see
details in libdes/COPYRIGHT -- although he has graciously waived the
advertising clause for FreeS/WAN use of LIBDES.
- ----------------------------------------------------------------------------------
The COPYRIGHT file says (complete):
- ----------------------------------------------------------------------------------
Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an DES implementation written by Eric Young
(eay@cryptsoft.com).
The implementation was written so as to conform with MIT's libdes.
This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions
apply to all code found in this distribution.
Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of that the SSL library. This can be in the form of a textual
message at program startup or in documentation (online or textual) provided
with the package.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Young (eay@cryptsoft.com)
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
The license and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distrubution license
[including the GNU Public License.]
The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.
- ----------------------------------------------------------------------------------
I did get a forwarded email from freeswan upstream developers, written by Eric
Young. Because we think that he did not intend this mail to be made public, I
can not send it to this list or include in the freeswan package without his
explicit permission (and contacting him might, in the experience of freeswan
upstream authors, be difficult). In this non-signed mail he basically says
that he does not care about this advertising clause anymore as he now works
on other projects, but is, due to his contract with RSA, unable to release a
new version with a changed license.
Is this enough for freeswan to be DFSG-free or even legal ? Would it be enough
for me to include a statement in the copyright file that I personally have a
copy of this mail ? Wouldn't make much difference I think. Freeswan upstream
developers are currently thinking of switch to openssl. I already pointed out
to them that this might need a change in their own (GPL) license statement so
that linking to openssl is explicitly allowed. Do we have to wait until this
happens (which might take considerable time because code was written by many
people who all have to agree to this change) or is there a possibility for
getting freeswan back into Debian soon (many users are asking me about
updated version, the current version in unstable is nearly ancient....) ?
best regards and thanks in advance,
Rene
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iEYEARECAAYFAj14kDMACgkQq7SPDcPCS95YqACfVeBrD6XdqAOp0yza9cZZDHpB
BvwAoMrBCpKTdzrKLzt+hDXrdm3C3sBn
=60Bb
-----END PGP SIGNATURE-----
Reply to: