Re: RIPEMD crytographic hash function
[CC'ed debian-legal, they can probably give a more detailed and
informed analysis of the proposed license]
Antoon Bosselaers <firstname.lastname@example.org> writes:
> Dear Sebastian,
> The conditions of use you are quoting have been replaced for some
> years now by the conditions listed below, see also
> Conditions for use of the RIPEMD-160 Software
> The RIPEMD-160 software is freely available for use under the terms and
> conditions described hereunder, which shall be deemed to be accepted
> by any user of the software and applicable on any use of the software:
> 1. K.U.Leuven Department of Electrical Engineering-ESAT/COSIC shall for all
> purposes be considered the owner of the RIPEMD-160 software and of all
> copyright, trade secret, patent or other intellectual property rights
> 2. The RIPEMD-160 software is provided on an "as is" basis without
> warranty of any sort, express or implied. K.U.Leuven makes no
> representation that the use of the software will not infringe any
> patent or proprietary right of third parties. User will indemnify
> K.U.Leuven and hold K.U.Leuven harmless from any claims or
> liabilities which may arise as a result of its use of the software.
> In no circumstances K.U.Leuven R&D will be held liable for any
> deficiency, fault or other mishappening with regard to the use or
> performance of the software.
> 3. User agrees to give due credit to K.U.Leuven in scientific publications
> or communications in relation with the use of the RIPEMD-160 software
> as follows: RIPEMD-160 software written by Antoon Bosselaers,
> available at http://www.esat.kuleuven.be/~cosicart/ps/AB-9601/.
This is not a free software licence at all; clause 1 does basically
say "all rights reserved", this restriction is not lifted in the
following clauses. A license to be considered DFSG-free must permit
use, modification and distribution, have a look at:
AFAICS, this license fails clauses 1 (Free Redistribution) and 3
(Derived Works) of the DFSG.
> Do you have any problems with these conditions? If not, I propose to
> include these conditions. Otherwise, we are prepared to adapt the
> conditions in order for you to include the algorithm back into the
> Debian packages of python-crypto.
I would recommend starting from a BSD-style license; your conditions
look similiar in spirit (provided that the restriction of
redistribution and modification is unintended):
Thank you for your cooperation on trying to get the RIPEMD
implementation into Debian!
Kind Regards, Rotty
Andreas Rottmann | Rotty@ICQ | 118634484@ICQ | email@example.com
http://yi.org/rotty | GnuPG Key: http://yi.org/rotty/gpg.asc
Fingerprint | DFB4 4EB4 78A4 5EEE 6219 F228 F92F CFC5 01FD 5B62
Python is executable pseudocode, Perl is executable line-noise.