Re: is mixmaster dfsg-compliant ?
On Thu, Aug 15, 2002 at 04:26:02PM +0200, Eric Van Buggenhaut wrote:
> I was looking at the code of mixmaster, an anonymous remailer
> client/server application. It allows protection against traffic
> analysis and allows sending email anonymously or pseudonymously.
> I'm wondering if the licence is DFSG-compliant ? Could any lawyer here
> give an advice ?
I'm not a lawyer. But I've examined the license carefully in the past and
determined that it does not meet our Free Software Guidelines. Here's an
excerpt from my message to Lance M. Cottrell circa May 2001 regarding the
Of particular issue is item 1. B. (iii), which reads "provide Anonymizer
Inc. with a copy of the Source Code of such modifications or work by
electronic mail, and grant Anonymizer Inc. a perpetual, royalty-free
license to use and distribute the modifications or work in its products."
If Anonymizer, Inc. goes out of business or stops accepting email, then
newly modified versions of Mixmaster become undistributable. Also, if the
changes are frequent or substantial or the mail message must travel over a
very slow or expensive connection, the requirement may represent an undue
burden on the person making modifications.
Immagine for a second the case of a political dissident in an oppressive
nation who uses anonymous email to send quick snippets to news agencies in
the rest of the world. He's discovered a security problem in Mixmaster and
wants to share the fixed version with his buddies via sneakernet. He's
using a bunch of extremely slow and expensive throwaway wireless and
dialup links, and every time he keys up to transmit he risks revealing his
location. As a result, he must keep transmissions very short and leave the
area immediately afterwards. Why should he be forced to face either: 1.
letting his friends use an insecure version of Mixmaster, or 2. emailing
his substantial modifications to Anonymizer, Inc. and risking his
If 1. B. (iii) was changed to read "grant Anonymizer Inc. a perpetual,
royalty-free license to use and distribute the modifications under the
terms of this license" it would meet our Free Software Guidelines, be
safer for users that need anonymity the most, and would probably have the
same overall effect for Anonymizer Inc.
> If it may not enter Debian, can it be packaged and placed on an
> independent web page for download ?
Have a look at http://non-us.debian.org/~weasel/archive/
These packages were prepared by Peter Palfrader <firstname.lastname@example.org>, who
reports that there may be some progress in the area of getting Mixmaster's
license fixed upstream.