Re: SRP

To: debian-legal@lists.debian.org
Subject: Re: SRP
From: Don Armstrong <don@donarmstrong.com>
Date: Sun, 25 Jul 2004 14:52:56 -0700
Message-id: <[🔎] 20040725215256.GL9851@xieana.donarmstrong.org>
Mail-followup-to: debian-legal@lists.debian.org
In-reply-to: <[🔎] 1090786082.1834.13.camel@ellobo.intranet-casa>
References: <[🔎] 1090786082.1834.13.camel@ellobo.intranet-casa>

On Sun, 25 Jul 2004, MiguelGea wrote:
> Question 1: I'm not sure if there are any problem on packaging
> it. What do you think about?

See below.

> Question 2: If a program that use it shows the license only with a
> option for the executable like "program_name --version", it breaks the
> copyright?

Probably not, if you're thinking about clause 3, although if
program_name --version is an advertising material (probably is) then
it needs to include "This product includes software developed by Tom
Wu and Eugene Jhong for the SRP Distribution
(http://srp.stanford.edu/)."

> Question 3: Is this compatible with GPL?

No.

> /*
>  * Copyright (c) 1997-2003 The Stanford SRP Authentication Project
>  * All Rights Reserved.

[snip]

>  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

If this license stopped here, all would be well with the world. But
no, it goes on:

>  * In addition, the following conditions apply:
>  *
>  * 1. Any software that incorporates the SRP authentication
>  * technology is requested to include the following acknowlegment in
>  * advertising materials: "This product uses the 'Secure Remote
>  * Password' cryptographic authentication system developed by Tom Wu
>  * (tjw@CS.Stanford.EDU)."

So they want to use copyright to control an idea? So any SRP
authentication technology package should have this advertising
statement in order to use this software?

This clause is problematic, even though it is only a request. [If
upstream means for this request to be non-binding, it shouldn't be
part of the license itself... or at the very least explain what it
means by "requested."]

>  * 2. Any software that incorporates all or part of the SRP
>  * distribution itself must include the following acknowledgment in
>  * advertising materials: "This product includes software developed
>  * by Tom Wu and Eugene Jhong for the SRP Distribution
>  * (http://srp.stanford.edu/)."

This clause makes this software GPL incompatible. so it cannot link
with anything covered by the GPL. There's no sane reason for requiring
such a clause either. Almost everyone who did use such a clause
previously has removed them by now.

Furthermore, there's been some noise about such a clause being
non-free under the DFSG, an sentiment I tend to agree with, and a
resolution may be forthcomming to deal specifically with this issue.

Don Armstrong

-- 
If a nation values anything more than freedom, it will lose its
freedom; and the irony of it is that if it is comfort or money it
values more, it will lose that, too.
 -- W. Somerset Maugham

http://www.donarmstrong.com
http://rzlab.ucr.edu

Reply to:

References:
- SRP
  - From: MiguelGea <Correo@miguelgea.com>

Prev by Date: mpeg2enc code in simage
Next by Date: Re: Summary : ocaml, QPL and the DFSG.
Previous by thread: Re: SRP
Next by thread: Re: SRP
Index(es):
- Date
- Thread