Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 1 Oct 2013 15:18:27 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: MIT-licensed files

Dhiru, Lukas, magnum -

Besides the (now changed) 7z format, there are a few more source files
with MIT license.  I think most of those should be changed to use our
standard cut-down BSD license wording instead.  Only those files where
we're using code from third-party authors (not direct contributors to
JtR) should retain their original licenses (so if they were under MIT
license, it makes sense to keep our changes under MIT license too).

Here are the files:

src/agilekeychain_fmt_plug.c
src/opencl_agilekeychain_fmt.c

The comments say that these are "based on agilekeychain", but it is not
clear to me what code, if any, from this third-party project is still in
these files.  I don't immediately see any such code.  Dhiru?

If there's third-party code in there, then let's keep the license as is.
If not, then let's relicense to our standard cut-down BSD license.

src/lastpass_sniffed_fmt_plug.c

Looks like Dhiru's code only, so please relicense.

src/opencl_blockchain_fmt.c

Looks like code by Lukas and Dhiru only.  Dhiru, please relicense.
(Right now, this uses a mix of the two licenses for no good reason.)

src/blockchain_fmt_plug.c

Looks like Dhiru's code only, so please relicense.

src/cloudkeychain_fmt_plug.c

A weird mix of copyright statements and licenses.  I have difficulty
parsing it unambiguously.

Dhiru, Lukas - please help us figure out who did what to this code, who
the current copyright holders are, and what license(s) apply.  Ideally,
it'd be just our cut-down BSD, but if James Brown's code was licensed
differently and is still in there (I don't see any of it in there), then
we may use its license.

run/1password2john.py

Per the comments, this has MIT-licensed "code borrowed from" projects by
James Brown and Antonin Amand.  (With slightly different MIT license
wording for the two.)  If so, it might have to stay the same, but it
could be made clearer what license applies to Dhiru's changes.  In fact,
Dhiru, does this script possibly contain more of your own code than the
borrowed code?  Anyhow, as it is there's no license in there for your
changes or portions of code, which is wrong.  You only state that you
"modified" this file, but you do not license it to the general public
under any terms.  This needs to be corrected, perhaps by claiming
copyright to your changes and adopting one of the two already-used MIT
license wordings for your changes as well.  BTW, s/Modfied/Modified/

run/office2john.py

This file only lists third-party copyright holders (not direct JtR
contributors).  Perhaps it has had plenty of changes made by direct JtR
contributors, who did not care to claim copyright and license their
changes.  This might make the file non-redistributable (e.g., in the
eyes of Debian).  We need to figure out and correct this.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.