I maintain the BIND package for Debian. The new 8.2 version of BIND has been
released, and one of the significant new features is the DNS security system.
This functionality depends on DNSsafe, which is code licensed by RSA Data
Security to the Internet Software Consortium for use with BIND, clearly with
the intent that it be broadly deployed and used.
I've looked at the license, and I think it's ok. However, I'm not an expert
on licenses like this, and I would appreciate review of the terms by the
debian-legal community, to confirm or deny complicance of this license with
the DFSG before I upload BIND 8.2 packages to main.
DNSSAFE LICENSE TERMS
This BIND software includes the DNSsafe software from RSA Data
Security, Inc., which is copyrighted software that can only be
distributed under the terms of this license agreement.
The DNSsafe software cannot be used or distributed separately from the
BIND software. You only have the right to use it or distribute it as
a bundled, integrated product.
The DNSsafe software can ONLY be used to provide authentication for
resource records in the Domain Name System, as specified in RFC 2065
and successors. You cannot modify the BIND software to use the
DNSsafe software for other purposes, or to make its cryptographic
functions available to end-users for other uses.
If you modify the DNSsafe software itself, you cannot modify its
documented API, and you must grant RSA Data Security the right to use,
modify, and distribute your modifications, including the right to use
any patents or other intellectual property that your modifications
You must not remove, alter, or destroy any of RSA's copyright notices
or license information. When distributing the software to the Federal
Government, it must be licensed to them as "commercial computer
software" protected under 48 CFR 12.212 of the FAR, or 48 CFR
227.7202.1 of the DFARS.
You must not violate United States export control laws by distributing
the DNSsafe software or information about it, when such distribution
is prohibited by law.
THE DNSSAFE SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY
WHATSOEVER. RSA HAS NO OBLIGATION TO SUPPORT, CORRECT, UPDATE OR
MAINTAIN THE RSA SOFTWARE. RSA DISCLAIMS ALL WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO ANY MATTER WHATSOEVER, INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS.
If you desire to use DNSsafe in ways that these terms do not permit,
please contact RSA Data Security, Inc., 100 Marine Parkway, Redwood
City, California 94065, USA, to discuss alternate licensing