Re: shc -- #335278 broken packaging -- non-DD NMU prepared
On Thursday 29 June 2006 01:10, firstname.lastname@example.org wrote:
> On Wed, Jun 28, 2006 at 12:58:59AM +0200, Alexander Schmehl wrote:
> > [ Cc-ing the bug report, so we have it in the bts, too ]
> > Hi!
> > - Now the real problem: shc.c
> > Lookit at it we have:
> > /**
> > * This software contains the 'Alleged RC4' source code.
> > * The original source code was published on the Net by a group of
> > cypherpunks. * I picked up a modified version from the news.
> > * The copyright notice does not apply to that code.
> > */
> As far as I remember, the general belief is that 'Alleged RC4' was in
> fact leaked intentionnaly by RSA inc. itself (which designed RC4). So
> much for the group of cypherpunks.
Right, ARC4 algorythm is also used in ssh. So the algorythm itself is not a
> > /**
> > * 'Alleged RC4' Source Code picked up from the news."
> > * From: email@example.com (John L. Allen)"
> > * Newsgroups: comp.lang.c"
> > * Subject: Shrink this C code for fame and fun"
> > * Date: 21 May 1996 10:49:37 -0400"
> > */
> I think it should be easy to replace that code by a DFSG-free
> implementation of RC4. Openssl include one.
I'm afraid that I can not use OpenSSL licensed code into GPL program (shc)
without a special OpenSSL exception given from the shc's upstream, which
unfortunately did not respond to any mail sent yet. Also I'm a litle bit
scared to reimplement that myself - I might introduce hell of bugs at
least ;-) ... deviating from upstream for the matter of that is not a good
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB