[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cryptlib - is it DFSG-free?


On Mar 4, 2004, at 13:43, Marek Habersack wrote:


Hey all,
As in subject - http://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html
Please always post license conditions to the mailing list, not just URLs. 

Here is a copy-and-paste job:
cryptlib is distributed under a dual license that allows free, open-source use under a GPL-compatible license and closed-source use under a standard commercial license. The GPL-compatible license (a.k.a. the Sleepycat license) is given below. A good overview and background behind the Sleepycat license, which also applies for cryptlib, is also available. 

Copyright 1992-2004 Peter Gutmann. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this 
   list of conditions and the following disclaimer.


Normal.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation 
   and/or other materials provided with the distribution.


Normal.
3. Redistributions in any form must be accompanied by information on how to obtain complete source code for the cryptlib software and any accompanying 
   software that uses the cryptlib software.
"software that uses the cryptlib software" is worrying to me. If that software is legally a derived work, then we're fine; otherwise, we may be failing DFSG 9. Not only that, this may not be GPL-compatible then.
Other than that "apt-get source foo" in doc/package/copyright seems to count. 


 The source code must either be
included in the distribution or be available for no more than the cost of 
   distribution, and must be freely redistributable under reasonable
   conditions.
"reasonable conditions" aren't defined; I assume that distributing under this license counts. I also assume the GPL counts, as the license is labeled GPL compatible.
Putting the sources on an FTP site seems fine. Note that the license doesn't say how long they must be available for, that is a little troubling. 


For an executable file, complete source code means the source
code for all modules it contains or uses. It does not include source code for modules or files that typically accompany the major components of the 
   operating system on which the executable file runs.
This looks pretty much like the GPL. "or uses" is a little worrying again...
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
OF SUCH DAMAGE.
If you're unable to comply with the above license then the following, alternate usage conditions apply:
It appears that the following terms are optional (especially see the part up top about dual-licensing). I'm thus ignoring them, as they are clearly non-free.
Any large-scale commercial use of cryptlib requires a license. "Large-scale commercial use" means any revenue-generating purpose such as use for company- internal purposes, or use of cryptlib in an application or product, with a total gross revenue of over US$5,000. This allows cryptlib to be used in freeware and shareware applications, for evaluation and research purposes, and for non-revenue-generating or personal use without charge. In addition the author reserves the right to grant free licenses for commercial use in special cases (for example where there is a general benefit to the public), contact the author for details if you think you qualify.
For information on commercial use, there is a cryptlib brochure available in Adobe Acrobat format.
Reply to: