Re: Cryptlib - is it DFSG-free?
On Mar 4, 2004, at 13:43, Marek Habersack wrote:
As in subject -
Please always post license conditions to the mailing list, not just
Here is a copy-and-paste job:
cryptlib is distributed under a dual license that allows free,
open-source use under a GPL-compatible license and closed-source use
under a standard commercial license. The GPL-compatible license
(a.k.a. the Sleepycat license) is given below. A good overview and
background behind the Sleepycat license, which also applies for
cryptlib, is also available.
Copyright 1992-2004 Peter Gutmann. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
1. Redistributions of source code must retain the above copyright
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
this list of conditions and the following disclaimer in the
and/or other materials provided with the distribution.
3. Redistributions in any form must be accompanied by information on
obtain complete source code for the cryptlib software and any
software that uses the cryptlib software.
"software that uses the cryptlib software" is worrying to me. If that
software is legally a derived work, then we're fine; otherwise, we may
be failing DFSG 9. Not only that, this may not be GPL-compatible then.
Other than that "apt-get source foo" in doc/package/copyright seems to
The source code must either be
included in the distribution or be available for no more than the
distribution, and must be freely redistributable under reasonable
"reasonable conditions" aren't defined; I assume that distributing
under this license counts. I also assume the GPL counts, as the license
is labeled GPL compatible.
Putting the sources on an FTP site seems fine. Note that the license
doesn't say how long they must be available for, that is a little
For an executable file, complete source code means the source
code for all modules it contains or uses. It does not include
for modules or files that typically accompany the major components
operating system on which the executable file runs.
This looks pretty much like the GPL. "or uses" is a little worrying
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE DISCLAIMED.
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
OF SUCH DAMAGE.
If you're unable to comply with the above license then the following,
alternate usage conditions apply:
It appears that the following terms are optional (especially see the
part up top about dual-licensing). I'm thus ignoring them, as they are
Any large-scale commercial use of cryptlib requires a license.
"Large-scale commercial use" means any revenue-generating purpose such
as use for company- internal purposes, or use of cryptlib in an
application or product, with a total gross revenue of over US$5,000.
This allows cryptlib to be used in freeware and shareware
applications, for evaluation and research purposes, and for
non-revenue-generating or personal use without charge. In addition the
author reserves the right to grant free licenses for commercial use in
special cases (for example where there is a general benefit to the
public), contact the author for details if you think you qualify.
For information on commercial use, there is a cryptlib brochure
available in Adobe Acrobat format.