[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RIPEMD crytographic hash function

[CC'ed debian-legal, they can probably give a more detailed and
informed analysis of the proposed license]

Antoon Bosselaers <bosselae@esat.kuleuven.be> writes:

> Dear Sebastian,
> The conditions of use you are quoting have been replaced for some
> years now by the conditions listed below, see also
> http://homes.esat.kuleuven.be/~cosicart/ps/AB-9601/.
> Conditions for use of the RIPEMD-160 Software
> The RIPEMD-160 software is freely available for use under the terms and
> conditions described hereunder, which shall be deemed to be accepted
> by any user of the software and applicable on any use of the software:
> 1. K.U.Leuven Department of Electrical Engineering-ESAT/COSIC shall for all
>     purposes be considered the owner of the RIPEMD-160 software and of all
>     copyright, trade secret, patent or other intellectual property rights
>     therein.
> 2. The RIPEMD-160 software is provided on an "as is" basis without
> warranty of any sort, express or implied. K.U.Leuven makes no
> representation that the use of the software will not infringe any
> patent or proprietary right of third parties. User will indemnify
> K.U.Leuven and hold K.U.Leuven harmless from any claims or
> liabilities which may arise as a result of its use of the software.
> In no circumstances K.U.Leuven R&D will be held liable for any
> deficiency, fault or other mishappening with regard to the use or
> performance of the software.
> 3. User agrees to give due credit to K.U.Leuven in scientific publications
>     or communications in relation with the use of the RIPEMD-160 software
>     as follows: RIPEMD-160 software written by Antoon Bosselaers,
>     available at http://www.esat.kuleuven.be/~cosicart/ps/AB-9601/.
This is not a free software licence at all; clause 1 does basically
say "all rights reserved", this restriction is not lifted in the
following clauses. A license to be considered DFSG-free must permit
use, modification and distribution, have a look at:


AFAICS, this license fails clauses 1 (Free Redistribution) and 3
(Derived Works) of the DFSG.

> Do you have any problems with these conditions? If not, I propose to
> include these conditions. Otherwise, we are prepared to adapt the
> conditions in order for you to include the algorithm back into the
> Debian packages of python-crypto.
I would recommend starting from a BSD-style license; your conditions
look similiar in spirit (provided that the restriction of
redistribution and modification is unintended):


Thank you for your cooperation on trying to get the RIPEMD
implementation into Debian!

Kind Regards, Rotty
Andreas Rottmann         | Rotty@ICQ      | 118634484@ICQ | a.rottmann@gmx.at
http://yi.org/rotty      | GnuPG Key: http://yi.org/rotty/gpg.asc
Fingerprint              | DFB4 4EB4 78A4 5EEE 6219  F228 F92F CFC5 01FD 5B62
v2sw7MYChw5pr5OFma7u7Lw2m5g/l7Di6e6t5BSb7en6g3/5HZa2Xs6MSr1/2p7 hackerkey.com

Python is executable pseudocode, Perl is executable line-noise.

Reply to: