incubator-general mailing list archives

From Justin Mclean <justinmcl...@me.com>
Subject Re: [VOTE] HAWQ 2.0.0-beta-incubating RC4
Date Wed, 27 Jan 2016 13:12:02 GMT
Hi,

> I think this section of NOTICE is simply not worded well enough.

No problem, if it is not bundled it should be removed, if the wording is wrong it should be
fixed.

> Not it doesn’t.

You might want to double check the files in here:
./contrib/pgcrypto
./src/interfaces/libpq

Just do a quick search for SSL for instance. Or take a look at contrib/pgcrypto/crypt-blowfish.c
it says "This code comes from John the Ripper password cracker, with reentrant and crypt(3)
interfaces added," and that looks to be GPL software or I think public domain?  I’d expect
that to be in the LICENSE file. [1] I haven’t looked at everything in detail but there is enough
for concern and IMO it needs to be double checked.

Exactly what is covered by "cryptographic functions" I’m not entirely sure. Do we have
somewhere where that is spelt out? For instance is MD5 included in that? (see ./contrib/pgcrypto/crypt-md5.c,
./contrib/pgcrypto/md5.c, ./src/backend/libpq/md5.c) or DES (./contrib/pgcrypto/crypt-des.c)
or SHA2 (./contrib/pgcrypto/sha2.c) or blowfish mentioned above? (and those are not the only
files)

> Apache License  -- not sure what you mean here -- I think we're simply
> bubbling up the dependencies NOTICEs. Why is that wrong?

Bubbling up NOTICEs is correct but AFAICS you’re not doing that.

> Not sure what do you want us to do to handle that case.

Fix the paths or remove it if it's no longer the case would be best I think.

Thanks,
Justin

1. http://www.openwall.com/john/doc/LICENSE.shtml