[Fedora-legal-list] Re: Legal Problem: md5 implementation
Tom "spot" Callaway
tcallawa at redhat.com
Tue Sep 18 13:29:16 UTC 2007
On Mon, 2007-09-17 at 18:02 -0400, Tom Lane wrote:
> "Tom \"spot\" Callaway" <tcallawa at redhat.com> writes:
> > Some of Fedora's packages are using an MD5 implementation which is under
> > a GPLv2/v3 incompatible license, specifically, the RSA implementation
> > which is under BSD with advertising.
>
> Hmm. mysql does appear to be using this implementation, but since they
> are specifically distributing under GPL v2 *only*, I'm not sure it's a
> problem. Or are you saying BSD+ad is incompatible with v2 as well?
Yes. BSD+ad is incompatible with GPLv2 and GPLv3.
> > If it is the RSA
> > implementation, we're going to need to replace it (coreutils has a GPL
> > compatible implementation that should be a drop in).
>
> Not sure I see the point of the sort of patch you seem to envision.
> If we are shipping SRPMs containing upstream tarballs that contain
> BSD+ad code, haven't we got an issue anyway?
BSD + advertising is Free, but GPL incompatible. It only becomes a
problem when BSD+ad code is directly compiled into GPL/LGPL licensed
code. So, its fine to have a standalone BSD+ad package, but it is
definitely not fine for a GPL licensed software package to have BSD
+advertising code inside it.
~spot
More information about the Fedora-legal-list
mailing list