[pkg-bacula-devel] SHA1 implementation by Steve Reid

Ian Jackson ijackson at chiark.greenend.org.uk
Wed Nov 15 15:39:18 UTC 2017

Carsten Leonhardt writes ("Re: SHA1 implementation by Steve Reid"):
> So from what you wrote earlier, I understand that the IETF saw the
> problem with code in RFCs and took steps to clarify the situation, which
> I take as a hint from the IETF that the old code from RFC_3174
> should/can be seen as unmodifiable.

But it also means that:

The upstreams (both the original author and the IETF/ISOC) all want
this code to be freely used in ways very compatible with the way we
use it.  (The fact that the old RFC is not relicensed is not because
they would object to the modifification of the old code, but simply
because IETF processes don't support such changes to old RFCs.)

So by redistributing the code we are following the intent, as we
perceive it and as it has been (belatedly) clarified, of the authors
and copyrightholders.

And, if at any point in the future somebody takes a more legalistic
view and starts sending takedown notices, we can just throw away our
existing version based on the old RFC's code and redo the integration
using the nearly-identical code from the new RFC.

So there is, I think, very little risk to us or our downstreams, of
leaving this situation as is - ie, there is no point going and trying
to weed out code based on the old RFC (even if we could somehow
reliably determine whether some code was based on the old RFC
directly, or via the new RFC with the better licence).


Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

More information about the pkg-bacula-devel mailing list