Is it appropriate for Fedora to ship software whose only purpose is to
violate terms of service of web sites, such as restrictions like this?
You agree not to access Content through any technology or means other
than the video playback pages of the Service itself, the Embeddable
Player, or other explicitly authorized means […] may designate.
The software is specifically designed to circumvent restrictions the web
site operator has put in place to prevent offline viewing of content.
libxcrypt contains some code from OpenSolaris to implement their
password hashing. It's licensed under the CDDL:
* CDDL HEADER START
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
* CDDL HEADER END
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
The rest of the library is a combination of 3-clause BSD, 2-clause BSD
(ISC), LGPLv2+, CC0 or a public domain dedication,
Applications do not link to this code directly, but they will use it
automatically if needed, e.g. if /etc/shadow contains passwords hashed
in this way.
Is this a problem? I think we could patch libxcrypt to remove support
at run-time if necessary, with little practical impact.