apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCarthaigh <c...@stdlib.net>
Subject Re: MD4/MD5 implementation is non-free
Date Mon, 16 Oct 2006 20:55:47 GMT
On Mon, Oct 16, 2006 at 10:07:45PM +0200, Tollef Fog Heen wrote:
> Note also that even if copyright law works that way in jurisdictions
> you are familiar with, there's no guarantee it works that way in every
> jurisdiction.  Better safe than sorry.  IMO, at least.

Copyright law is largely harmonised by the Berne convention and later
various other WIPO conventions, which is usually the context in which we
discuss these things.

Convention vests all copy-rights for a derivative work with the owner of
the original copyrights (from which the work was derived) unless the
owner explictly disclaims them. Even, if this were not the case, the
very first paragraph of the RSA license tells us all we need to know;

  "All rights reserved."

which would likely trump any copy + derivability = copyable derivative
theory in any court.

It is possible to have a license which allows from the creation of
non-distributable derivatives - while still allowing you to distribute
copies of the original - in some countries the so-called artistic rights
can play a role here too. (An artist might let you sell prints of their
painting, but you're not allowed distribute modified versions - for
reasons of artistic integrity, but you may be allowed to create modified
versions for promotional purposes).

But then all sorts of jurisdictions have other various "rights". In
Europe, it's common for there to be only a very limited right to reverse
engineer or study for the purpose of interoperability. If we were to go
down the road of insisting everything iterate every possble limited
right accross all jurisdictions, it could get very messy very quickly.

So it probably would be ever so slightly pedantically more correct to
have an explicit term allowing the distribution of derivatives, but from
here it's hard to see why we should care, RSA sure don't. This code has
been in there over a decade, is published in RFC1320 and it was clearly
intended to be liberally licensed, what on earth possible damages could
there be for this theoritical infringement?  

In other words, when you intersect this kind of anal technical and
theoritical problem with the real world, it becomes non-existant. What's
the actual threat?

I hate these damn things, alerting us to these stupid nits only causes
any theoritical infringement to become willful and over time worsens our
code-base. Anyway, our time would probably be better spent just asking
RSA for a slightly modified license.

-- 
Colm MacCárthaigh                        Public Key: colm+pgp@stdlib.net

Mime
View raw message