couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: Making CouchDB crypto dependency optional
Date Mon, 18 Jan 2010 05:31:15 GMT

On 18 Jan 2010, at 01:06, Jonathan wrote:

> I've updated the gist to include (along with fixes thanks to said testing)
> the test_sha/1 and test_sha_mac/1 functions, which will test random messages
> As for the licensing, I'm definitely not a lawyer.  For what it's worth, the
> reference implementation was published in RFC 3174, which in turn draws
> mostly from NIST FIPS 180-1, which was superseded by FIPS 180-2.  According
> to

Sorry - that is the algorithm - not the *implementation*. 

If you wrote it from scratch - just using documents like above - then you are good (and all
that is needed is a software grant from you - or a contribution under a CLA - and point to
the document as the source.).

HOWEVER if you took some random piece of existing code and 'erlangfied' it; or cut-and-pasted,
say, C, Perl, Java or other third party existing code into it - and then massaged that to
work *then* you have to be significantly more careful. There are then 4 cases:

-	You only took one or two lines from someone else their code 'in total' as a starting point.

-	You took some lines from code under a BSD, ASL or similar 'open' license (e.g. say from
APR or from OpenSSL itself).

-	You took code from a GPL, LGPL or similar family of code.

-	You took code which someone (you perhaps) once wrote for a company.

In the first two cases; no problem - just document where you took it and point to the license
as needed. In the third case - big no-no; in the final case - better get permission from the
person who paid you.

As to 'recognizing' this - you'd be surprized how unique certain spaces/variable name and
orderings are - and how many permutations are possible - or in other words - how long the
'fingerprint' of a given original last through cut and paste.


This e-mail (and any attachments) is confidential and may contain personal views which are
not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify
the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.

View raw message