legal June 2018

legal@lists.fedoraproject.org

7 participants
8 discussions

Sleepycat license with SaaS restriction
by Florian Weimer 08 Jul '25

08 Jul '25

cryptlib is licensed under the Sleepycat license with a SaaS restriction: “Note that decoupling the software from the user, for example by running in a SaaS configuration, does not exempt you from these requirements.” (Full text attached.) This was not part of the original Sleepycat license, so a new license tag is required. Maybe this license is not even free; this additional clause seems to be a restriction on use. But perhaps it is not so different from the AGPL. Thanks, Florian

6 8

Henry Spencer's license
by Petr Šabata 06 Mar '23

06 Mar '23

Dear legal, While checking the contents of our `perl' package, I noticed the following: (...) /* NOTE: this is derived from Henry Spencer's regexp code, and should not * confused with the original package (see point 3 below). Thanks, Henry! */ /* Additional note: this code is very heavily munged from Henry's version * in places. In some spots I've traded clarity for efficiency, so don't * blame Henry for some of the lack of readability. */ /* The names of the functions have been changed from regcomp and * regexec to pregcomp and pregexec in order to avoid conflicts * with the POSIX routines of the same names. */ (...) * pregcomp and pregexec -- regsub and regerror are not used in perl * * Copyright (c) 1986 by University of Toronto. * Written by Henry Spencer. Not derived from licensed software. * * Permission is granted to anyone to use this software for any * purpose on any computer system, and to redistribute it freely, * subject to the following restrictions: * * 1. The author is not responsible for the consequences of use of * this software, no matter how awful, even if they arise * from defects in it. * * 2. The origin of this software must not be misrepresented, either * by explicit claim or by omission. * * 3. Altered versions must be plainly marked as such, and must not * be misrepresented as being the original software. * **** Alterations to Henry's code are... **** **** Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, **** 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 **** by Larry Wall and others **** **** You may distribute under the terms of either the GNU General Public **** License or the Artistic License, as specified in the README file. (...) You can see the whole file here: https://metacpan.org/source/SHAY/perl-5.20.1/regexec.c I looked but couldn't find any common name for this license of Henry's. Is it on our list? Is it free? What name should I use in the License tag? Thank you, Petr

5 9

about openssl we may enable and build all elliptic curves on corp ?
by Sérgio Basto 05 Nov '22

05 Nov '22

Hello, I reopen or start thinking again on this question of enable elliptic curves of openssl [1] So going directly to the point, may I built all source of openssl in copr [2] ? or at least some other curves that fedora package don't ship? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1405843 [2] Version: 1.0.2k %global fips_version 2.0.14 I mean sources: http://ftp.o penssl.org/source/openssl-%{version}.tar.gz and http://ftp.openssl.org/s ource/openssl-fips-%{fips_version}.tar.gz Thanks , -- Sérgio M. B.

4 6

NTP license question
by Severin Gehwolf 13 Jul '18

13 Jul '18

Hi, I'm reviewing OpenJDK and licensecheck pointed me at: http://hg.openjdk.java.net/jdk/jdk/file/cf09f0b56efd/src/jdk.crypto.cryptok… to be NTP. Is "NTP" this license? https://opensource.org/licenses/NTP If that's the case, why isn't it listed in the "Good Licenses" list here? https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses What's the license of the above file? Thanks, Severin

5 10

Software whose only purpose is to breach web site terms of service
by Florian Weimer 04 Jul '18

04 Jul '18

Is it appropriate for Fedora to ship software whose only purpose is to violate terms of service of web sites, such as restrictions like this? “ You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means […] may designate. ” The software is specifically designed to circumvent restrictions the web site operator has put in place to prevent offline viewing of content. Thanks, Florian

4 7

Are we OK with EPL-2.0 ?
by Fernando Nasser 28 Jun '18

28 Jun '18

Eclipse has updated their license... so it will come to us soon (if not already in). Fernando

2 1

netperf license: suitable for Fedora?
by Till Hofmann 25 Jun '18

25 Jun '18

Hi all, I'm considering to package netperf [1]. The license seems to be a custom HP license, but it is similar to BSD. I've attached the license text, which you can also find in the netperf repository [2]. Is this license suitable for Fedora? If so, what should the license tag be? Thanks for your advice! Kind regards Till [1] https://hewlettpackard.github.io/netperf/ [2] https://github.com/HewlettPackard/netperf/blob/master/COPYING

3 4

CDDL in system library
by Florian Weimer 18 Jun '18

18 Jun '18

libxcrypt contains some code from OpenSolaris to implement their password hashing. It's licensed under the CDDL: /* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2003 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ The rest of the library is a combination of 3-clause BSD, 2-clause BSD (ISC), LGPLv2+, CC0 or a public domain dedication, Applications do not link to this code directly, but they will use it automatically if needed, e.g. if /etc/shadow contains passwords hashed in this way. Is this a problem? I think we could patch libxcrypt to remove support at run-time if necessary, with little practical impact. Thanks, Florian

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal June 2018