Return-Path: 
 <dev-return-8129-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: (qmail 54050 invoked from network); 18 Jan 2010 19:24:39 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 18 Jan 2010 19:24:39 -0000
Received: (qmail 19206 invoked by uid 500); 18 Jan 2010 19:24:38 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 19113 invoked by uid 500); 18 Jan 2010 19:24:38 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 19103 invoked by uid 99); 18 Jan 2010 19:24:38 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jan 2010 19:24:38 +0000
X-ASF-Spam-Status: No, hits=2.2 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of jdknezek@gmail.com designates
 74.125.78.24 as permitted sender)
Received: from [74.125.78.24] (HELO ey-out-2122.google.com) (74.125.78.24)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jan 2010 19:24:31 +0000
Received: by ey-out-2122.google.com with SMTP id 4so628535eyf.41
        for <dev@couchdb.apache.org>; Mon, 18 Jan 2010 11:24:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=pyfmeAFczm33BpbFRuK+MBz+x8HEDWmi9R7NDp7H7jY=;
        b=mpT/Y7fIKn3coP1YKO1YQl58uGs3Qz3Hq/bKaH871S6dwxPtod2ebTbc0nuEc3ZTJA
         0um66SlOKKZv7SkjO3lLmYTaIvOsx074rCWdJcwtmVwq2zUpCzbMOL+1qyeK2WI0nLYd
         0NBMeAqzeWD+61NY3fLlc+ev/bTsuh8wxaaHs=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=kTlZuU9Mgc0Kz69f5KdMnUGo7tVMN2l014s5rW7w1Cb9TVO+W3MHrWb+bvBgd3EUmD
         JhG6R2zO7JyQwb9a3CiriGjf0H53aSjT2o83Ri0/g87gwLr1lPojva3QtqE1VcLyTKqv
         xjcFq0D5koTiX5/3vpJ0jHlG31q8rGzy98GbY=
MIME-Version: 1.0
Received: by 10.216.86.135 with SMTP id w7mr2231861wee.176.1263842650172;
 Mon,
	18 Jan 2010 11:24:10 -0800 (PST)
In-Reply-To: <e282921e1001181112x513a5fbdla9aa370eb06d952a@mail.gmail.com>
References: <8fd705a91001171317j6bb0c011keb40db65d87c0e7a@mail.gmail.com>
	 <e282921e1001171408y6cee7918nd44b3ccfdb702e32@mail.gmail.com>
	 <8fd705a91001171706x6fbb8f5au327f525ab77eb66f@mail.gmail.com>
	 <FF086081-D7AB-4547-9E68-D1505C1B3443@BBC.co.uk>
	 <8fd705a91001180123o54783cb0q772b21baf757546b@mail.gmail.com>
	 <e282921e1001181112x513a5fbdla9aa370eb06d952a@mail.gmail.com>
Date: Mon, 18 Jan 2010 13:24:10 -0600
Message-ID: <8fd705a91001181124p19c9864apb2de94648237302@mail.gmail.com>
Subject: Re: Making CouchDB crypto dependency optional
From: Jonathan <jdknezek@gmail.com>
To: dev@couchdb.apache.org
Content-Type: multipart/alternative; boundary=0016e6d64956372cef047d754cc5

--0016e6d64956372cef047d754cc5
Content-Type: text/plain; charset=UTF-8

On Mon, Jan 18, 2010 at 1:12 PM, Chris Anderson <jchris@apache.org> wrote:

> On Mon, Jan 18, 2010 at 1:23 AM, Jonathan <jdknezek@gmail.com> wrote:
> > On Sun, Jan 17, 2010 at 11:31 PM, Dirk-Willem van Gulik <
> > Dirk-Willem.van.Gulik@bbc.co.uk> wrote:
> >
> >> Sorry - that is the algorithm - not the *implementation*.
>
> > Excellent, thanks very much for the clarification - I'm thoroughly
> > inexperienced when it comes to licensing.  My code was based off of
> > pseudocode listed on Wikipedia and so (I believe) would fall under the
> > CC-BY-SA license - I've updated the Jira issue as appropriate.  Thank you
> > for catching this early.
>
> Thanks for taking this so seriously. I think it would really help
> CouchDB a lot to have the option to fall back to native crypto in
> environments that don't have the dependencies.
>

At Dw's clarification, if creating a concrete implementation of the
pseudo-code description of an algorithm counts as a derivative work of that
pseudo-code, the SHA code I've ported falls under CC-By-SA license and so
would be unusable with the Apache license.

That aside, it's quite slow... a better option would be to implement the SHA
portions (from spec alone) in C/++ and access them using Erlang ports.  I
will gladly work on this, but is any code I spit out tainted as CC-By-SA by
the fact I've looked at the imperative pseudo-code? :P

Is there anything sane we can do to add entropy to the random seed --
> anyone have any options on how much more likely this could make uuid
> collisions?
>

Out of my league, sorry :[


Jonathan

--0016e6d64956372cef047d754cc5--