Re: Cryptlib - is it DFSG-free?
On Mar 4, 2004, at 13:43, Marek Habersack wrote:
Hey all,
As in subject -
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html
Please always post license conditions to the mailing list, not just
URLs.
Here is a copy-and-paste job:
cryptlib is distributed under a dual license that allows free,
open-source use under a GPL-compatible license and closed-source use
under a standard commercial license. The GPL-compatible license
(a.k.a. the Sleepycat license) is given below. A good overview and
background behind the Sleepycat license, which also applies for
cryptlib, is also available.
Copyright 1992-2004 Peter Gutmann. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this
list of conditions and the following disclaimer.
Normal.
2. Redistributions in binary form must reproduce the above copyright
notice,
this list of conditions and the following disclaimer in the
documentation
and/or other materials provided with the distribution.
Normal.
3. Redistributions in any form must be accompanied by information on
how to
obtain complete source code for the cryptlib software and any
accompanying
software that uses the cryptlib software.
"software that uses the cryptlib software" is worrying to me. If that
software is legally a derived work, then we're fine; otherwise, we may
be failing DFSG 9. Not only that, this may not be GPL-compatible then.
Other than that "apt-get source foo" in doc/package/copyright seems to
count.
The source code must either be
included in the distribution or be available for no more than the
cost of
distribution, and must be freely redistributable under reasonable
conditions.
"reasonable conditions" aren't defined; I assume that distributing
under this license counts. I also assume the GPL counts, as the license
is labeled GPL compatible.
Putting the sources on an FTP site seems fine. Note that the license
doesn't say how long they must be available for, that is a little
troubling.
For an executable file, complete source code means the source
code for all modules it contains or uses. It does not include
source code
for modules or files that typically accompany the major components
of the
operating system on which the executable file runs.
This looks pretty much like the GPL. "or uses" is a little worrying
again...
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE DISCLAIMED.
IN NO
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY
OF SUCH DAMAGE.
If you're unable to comply with the above license then the following,
alternate usage conditions apply:
It appears that the following terms are optional (especially see the
part up top about dual-licensing). I'm thus ignoring them, as they are
clearly non-free.
Any large-scale commercial use of cryptlib requires a license.
"Large-scale commercial use" means any revenue-generating purpose such
as use for company- internal purposes, or use of cryptlib in an
application or product, with a total gross revenue of over US$5,000.
This allows cryptlib to be used in freeware and shareware
applications, for evaluation and research purposes, and for
non-revenue-generating or personal use without charge. In addition the
author reserves the right to grant free licenses for commercial use in
special cases (for example where there is a general benefit to the
public), contact the author for details if you think you qualify.
For information on commercial use, there is a cryptlib brochure
available in Adobe Acrobat format.
Reply to: