Some of Fedora's packages are using an MD5 implementation which is under
a GPLv2/v3 incompatible license, specifically, the RSA implementation
which is under BSD with advertising.
You can look at this code here:
We've identified packages which are possibly using this implementation,
and all maintainers are on CC. Please take a moment to look at your
packages and check to see if this md5 implementation is used.
If your package is on this list, please email me back and let me know
once you've checked the md5 implementation. If it is the RSA
implementation, we're going to need to replace it (coreutils has a GPL
compatible implementation that should be a drop in). If your package is
not under GPL or LGPL, then there is no problem, and you can just email
me and let me know that.
Thanks in advance,
I'm working on a CIM provider package where we need to ship a version
(v2.16) of the DMTF CIM schema in our package. The tog-pegasus
package does this already, but with a *very* old version (v2.9) that
does not include any of the virtualization models.
The DMTF schema files are not (AFAICT) released under any particular
license, but they do have this statement at the top-level:
// DMTF is a not-for-profit association of industry members
// dedicated to promoting enterprise and systems management and
// interoperability. DMTF specifications and documents may be
// reproduced for uses consistent with this purpose by members and
// non-members, provided that correct attribution is given.
I was planning to put a separate COPYING or LICENSE file in the
directory of the tarball/RPM containing the schema, highlighting the
above and making it clear that the schema was not covered under the
LGPL license of the package.
I would like some advice on how to proceed.
IBM Linux Technology Center
Open Hypervisor Team
My name is Michael Stone and I'm providing tech support for OLPC's legal
team as they prepare a filing to request a 'mass-market product'
classification (ECCN 5D992) from the United States' Bureau of Industry
and Security. Specifically, I'm assisting them in filling out Supplement
No. 6 to part 742 of the Export Administration Regulations .
I'm writing to you because I'm wondering if Fedora has already prepared
technical documentation (e.g. lists of algorithms, keyspaces, API
documentation, etc.) that can be re-used as a part of OLPC's filing. If
so, any pointers to these documents would be much appreciated.
 Sup. 6, 742 EAR: http://www.bis.doc.gov/encryption/sup6_742.pdf
The man-pages-it has following copyright (POSIX-COPYRIGHT):
The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
In the following statement, the phrase ``this text'' refers to
portions of the system documentation.
Portions of this text are reprinted and reproduced in electronic form
in the linux-manpages package, from IEEE Std 1003.1 (TM), 2003 Edition,
Standard for Information Technology -- Portable Operating System
Interface (POSIX (R)), The Open Group Base Specifications Issue 6,
Copyright (C) 2001-2003 by the Institute of Electrical and Electronics
Engineers, Inc and The Open Group. In the event of any discrepancy
between these versions and the original IEEE and The Open Group
Standard, the original IEEE and The Open Group Standard is the referee
document. The original Standard can be obtained online at
This notice shall appear on any product containing this material.
Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.
Shall we consider this licence free?
Di ng-Yi Chen
Recently, most (all?) of Dan Bernstein's software was relicensed into
the public domain.
Please hold off on packaging and submitting these packages for review
into Fedora, pending legal advice as to whether he can actually do that
or not, under US law.