[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DNSsafe license

In article <E10NKzN-0003qw-00@night> you wrote:
> I'm afraid this is definitely non-free.  It forbids distribution of
> modified versions on several counts:

Be patient with me.  I don't see the problem, at least not yet.  I wouldn't
have brought the license to debian-legal if I thought it were beyond question,
but some discussion will be required to convince me of your assertions.

>> The DNSsafe software cannot be used or distributed separately from the
>> BIND software.  You only have the right to use it or distribute it as
>> a bundled, integrated product.

Which section of the DFSG does this violate?  It prevents me from packaging
things such that the DNSsafe library is a separate entity from BIND, clearly.
It means that someone else can't "borrow" the DNSsafe library from BIND without
negotiating a different license with RSA.  However, I fail to see how this 
restricts distribution of modified versions of BIND in any way.

>> The DNSsafe software can ONLY be used to provide authentication for
>> resource records in the Domain Name System, as specified in RFC 2065
>> and successors.  You cannot modify the BIND software to use the
>> DNSsafe software for other purposes, or to make its cryptographic
>> functions available to end-users for other uses.

This is unfriendly to the free software community at large, to the extent that
someone might want to use the DNSsafe code for some non-DNS purpose which this
license would not cover, forcing them to negotiate a different license with
RSA.  But again, I don't see how this violates the DFSG... or how it in any
way prevents distribution of BIND.

>> If you modify the DNSsafe software itself, you cannot modify its
>> documented API, [...]

This one is the most problematic point for me.  I'd like the API to be as free
as the software, but I can't see how this violates the DFSG.  We have lots of
cases where free software implements one or the other side of a proprietary 
API, after all.


Reply to: