
License issues with md5deep



Hi all!
These days I am trying to package md5deep for Debian[1]. Although it is
my first compiled package (the other was in Python), I'm not having any
technical problem. I have just a bunch of questions for you about the
license. I don't know if you should write to debian-legal, or you can
help me directly.

In most (all those I won't discuss in this email) of the source files
there is a notice like this:
/* MD5DEEP - algorithms.h
 *
 * By Jesse Kornblum
 *
 * This is a work of the US Government. In accordance with 17 USC 105,
 * copyright protection is not available for any work of the US Government.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

As far as I know, this means that I can safely Debianize this program,
simply writing in debian/copyright that it is dropped to the public
domain.

Anyway, some files have different headings. md5.c reports:
/*
 * This code implements the MD5 message-digest algorithm.
 * The algorithm was written by Ron Rivest.  This code was
 * written by Colin Plumb in 1993, our understanding is 
 * that no copyright is claimed and that 
 * this code is in the public domain.
 *
 * Equivalent code is available from RSA Data Security, Inc.
 * This code has been tested against that, and is 
 * functionally equivalent,
 *
 * To compute the message digest of a chunk of bytes, declare an
 * MD5Context structure, pass it to MD5Init, call MD5Update as
 * needed on buffers full of bytes, and then call MD5Final, which
 * will fill a supplied 16-byte array with the digest.
 */

This writing talks about "our understanding". Can I trust this
understanding and mark also this file as left in the public domain in
debian/copyright?

sha256.c has:
/*
 *  FIPS-180-2 compliant SHA-256 implementation
 *  written by Christophe Devine
 *
 *  This code has been distributed as PUBLIC DOMAIN.
 *
 *  Although normally licensed under the GPL on the author's web site,
 *  he has given me permission to distribute it as public domain as 
 *  part of md5deep. THANK YOU! Software authors are encouraged to
 *  use the GPL'ed version of this code available at:
 *  http://www.cr0.net:8040/code/crypto/sha256/ whenever possible.
 */

Is it correct to write in debian/copyright that also this file is in
the public domain?

tiger.c looks a bit more difficult:
/* MD5DEEP - tiger.c
 *
 * By Jesse Kornblum
 *
 *                SPECIAL COPYRIGHT NOTICE FOR THIS FILE
 *                         (and this file only)
 *
 * This code was adapted from GnuPG and is licensed under the
 * GNU General Public License as published by the Free Software Foundation;
 * either version 2 of the license, or (at your option) any later version.
 *
 * Some functions have been changed or removed from the GnuPG version.
 * See comments for details.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

This file is surely GPL and not in the public domain. Isn't it illegal to
link GPL object code with other non-GPL object code and not
distribute it as GPL? In other words, because of only this GPL file,
all the package should be GPL licensed, shouldn't it?

Last, but not least, whirpool.c and whirpool.h don't have any copyright
notice at all.

The README says:
This program is a work of the US Government. In accordance with 17 USC
105, copyright protection is not available for any work of the US
Government.  Lawyer to English translation: This program is PUBLIC
DOMAIN.
Not only is this program not copyrighted, but IT CANNOT BE COPYRIGHTED
BY ANYBODY AT ANY TIME UNDER ANY CIRCUMSTANCES.

In Debianizing this program, I own a piece of copyright on the final
work. Isn't this in contrast with the "Lawyer to English" clause?

Sorry for writing this long and meticulous email, but this is my second
package and I'm not an expert yet. I wouldn't do anything illegal! Can you
answer me, or should I write to debian-legal?

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438753
-- 
Giovanni Mascellani <g.mascellani@gmail.com>
Pisa, Italy

Web: http://giomasce.altervista.org
SIP: g.mascellani@ekiga.net
Jabber: g.mascellani@jabber.org / giovanni@elabor.homelinux.org
GPG: 0x5F1FBF70 (FP: 1EB6 3D43 E201 4DDF 67BD  003F FCB0 BB5C 5F1F BF70)
