Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 18 Jun 1995 20:21:33 +0200
From:      Mark Murray <mark@grondar.za>
To:        "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Cc:        mark@grondar.za (Mark Murray), Wollman@halloran-eldar.lcs.mit.edu, gibbs@freefall.cdrom.com, current@freebsd.org
Subject:   Re: Crypto code - an architectural proposal. 
Message-ID:  <199506181821.UAA25378@grumble.grondar.za>

next in thread | raw e-mail | index | archive | help
> > What I would like to do is remove the DES library (libdes.*) from
> > eBones/des and put it in secure/lib/libdes, where I believe it belongs.
> 
> You don't state your reasons for believing this is where it belongs :-(.

<gulp> Right. The DES library is of use to more than just eBones. I have
a des(1) that is a Sun-compatible DES-encrypter as well as an encrypting
telnet that uses this.

> And I know have another big problem with the code in there.. it is
> GPL'ed and not in the gnu subdirectory :-(.  [Read copyright on fcrypt.c,
> went and read eBones/docs.original/README :-(.

WHOAH! The Eric Young code I have is specifically _not_ GPL'ed. He has 
a very permissive licence that only really prohibits relicensing. This
includes fcrypt.c. I'll tack a copy of his license to the end of this.
(Also in the README you mention, the GPL is optional. The `artistic'
license is the other option and that is pretty cool.)

> Also does this code come with eBones?  Should this could be maintained
> on a vendor branch?

No. It was built to be US-DES compliant, but I got it as a separate
library including other bits and pieces (some of which may get you guys in
trouble like RSA) of crypto code. Geoff Rehmet put it into eBones as at
that time that was the only code which used it.

A vendor branch _may_ be a good idea, but I had to do some slash-and-burn
to make it look like BSD code. (Only to the directory structure, I have
not touched a single *.[ch] file). I am not 100% sure of the issues here,
so I will follow your guidance.

> > Included in the new DES code that I have (and in the old BTW) is
> > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based
> > crypt(3) we are currently using. I would like to include this fcrypt.c
> > in libdes to reduce the number of libraries produced.
> 
> That would make libdes GPL'ed.  Sorry, I can't go for that...

Nope. See above. This is Eric Young code.

> > Secure telnet and other bits of code will benefit from this move/merge.
> 
> Makeing telnet and other bits of code GPL'ed :-(.
> 
> > What say you?
> 
> Stop the GPV (Gnu Public Virus or something like that) :-(

:-)
Here is Eric's copyright - which applies to all code I want to import:

------------------------------8<---------------------------------------
Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
All rights reserved.

This package is an DES implementation written by Eric Young (eay@mincom.oz.au).
The implementation was written so as to conform with MIT's libdes.

This library is free for commercial and non-commercial use as long as
the following conditions are aheared to.  The following conditions
apply to all code found in this distribution.

Copyright remains Eric Young's, and as such any Copyright notices in
the code are not to be removed.
If this package is used in a product, Eric Young should be given attribution
as the author of that the SSL library.  This can be in the form of a textual
message at program startup or in documentation (online or textual) provided
with the package.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
   must display the following acknowledgement:
   This product includes software developed by Eric Young (eay@mincom.oz.au)

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

The license and distribution terms for any publically available version or
derivative of this code cannot be changed.  i.e. this code cannot simply be
copied and put under another distrubution license
[including the GNU Public License.]

The reason behind this being stated in this direct manner is past
experience in code simply being copied and the attribution removed
from it and then being distributed as part of other packages. This
implementation was a non-trivial and unpaid effort.
------------------------------8<---------------------------------------

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506181821.UAA25378>