apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: apr-util removal of md4/md5 algorithms (legal issue)
Date Wed, 10 Sep 2008 08:24:23 GMT
On Mon, Sep 08, 2008 at 01:24:58PM -0400, Tom O'Brien wrote:
> Hi all:
> I'm using the Log4Cxx logging library in a project, and it uses apr and
> apr-util as part of the implementation. In reviewing the license to
> apr-util, I noticed it contained a reference to the RSA reference
> implementation to md4 and md5. The lawyers here got a look at the
> license, and were not amused (no specific right to redistribute). I saw
> that the Debian team had raised a similar issue in the mailing list archive.

I just noticed that this issue is covered in the Fedora licensing FAQ:


which references this statement from RSA:

http://www.ietf.org/ietf/IPR/RSA-MD-all [plain text sent as text/html, oops]

the Fedora FAQ says that based on this, we can simply strip the 
restrictive licensing statements from the MD4/MD5 implementation, 
retaining the RSA copyright notice alone.

Can legal-discuss@ confirm whether this is an acceptable course of 

Regards, Joe

View raw message