Re: is mixmaster dfsg-compliant ?

To: debian-legal@lists.debian.org
Cc: Eric.VanBuggenhaut@AdValvas.be
Subject: Re: is mixmaster dfsg-compliant ?
From: Brian Ristuccia <brian@ristuccia.com>
Date: Thu, 15 Aug 2002 10:49:25 -0400
Message-id: <[🔎] 20020815144925.GT25498@osiris.978.org>
In-reply-to: <[🔎] 20020815142602.GA19178@eric.ath.cx>
References: <[🔎] 20020815142602.GA19178@eric.ath.cx>

On Thu, Aug 15, 2002 at 04:26:02PM +0200, Eric Van Buggenhaut wrote:
> I was looking at the code of mixmaster, an anonymous remailer
> client/server application. It allows protection against traffic
> analysis and allows sending email anonymously or pseudonymously.
> 
> http://mixmaster.sourceforge.net
> 
> I'm wondering if the licence is DFSG-compliant ? Could any lawyer here
> give an advice ?
> 

I'm not a lawyer. But I've examined the license carefully in the past and
determined that it does not meet our Free Software Guidelines. Here's an
excerpt from my message to Lance M. Cottrell circa May 2001 regarding the
Mixmaster license:

  Of particular issue is item 1. B. (iii), which reads "provide Anonymizer
  Inc. with a copy of the Source Code of such modifications or work by
  electronic mail, and grant Anonymizer Inc. a perpetual, royalty-free
  license to use and distribute the modifications or work in its products."

  If Anonymizer, Inc. goes out of business or stops accepting email, then
  newly modified versions of Mixmaster become undistributable. Also, if the
  changes are frequent or substantial or the mail message must travel over a
  very slow or expensive connection, the requirement may represent an undue
  burden on the person making modifications.

  Immagine for a second the case of a political dissident in an oppressive
  nation who uses anonymous email to send quick snippets to news agencies in
  the rest of the world. He's discovered a security problem in Mixmaster and
  wants to share the fixed version with his buddies via sneakernet. He's
  using a bunch of extremely slow and expensive throwaway wireless and
  dialup links, and every time he keys up to transmit he risks revealing his
  location. As a result, he must keep transmissions very short and leave the
  area immediately afterwards. Why should he be forced to face either: 1.
  letting his friends use an insecure version of Mixmaster, or 2. emailing
  his substantial modifications to Anonymizer, Inc. and risking his
  location?

  If 1. B. (iii) was changed to read "grant Anonymizer Inc. a perpetual,
  royalty-free license to use and distribute the modifications under the
  terms of this license" it would meet our Free Software Guidelines, be
  safer for users that need anonymity the most, and would probably have the
  same overall effect for Anonymizer Inc.

> [...]
> 
> If it may not enter Debian, can it be packaged and placed on an
> independent web page for download ?
> 

Have a look at http://non-us.debian.org/~weasel/archive/

These packages were prepared by Peter Palfrader <weasel@debian.org>, who
reports that there may be some progress in the area of getting Mixmaster's
license fixed upstream.

-- 
Brian Ristuccia
brian@ristuccia.com
bristucc@cs.uml.edu

Reply to:

References:
- is mixmaster dfsg-compliant ?
  - From: Eric Van Buggenhaut <eric@sindominio.net>

Prev by Date: is mixmaster dfsg-compliant ?
Next by Date: Re: is mixmaster dfsg-compliant ?
Previous by thread: is mixmaster dfsg-compliant ?
Next by thread: Re: is mixmaster dfsg-compliant ?
Index(es):
- Date
- Thread