Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Jun 2011 16:30:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: licensing of changes

Jim, all -

In 1.7.7-jumbo-5-RC7, unique.c says:

 * This file is part of John the Ripper password cracker,
 * Copyright (c) 1998,1999,2002,2003,2005,2006,2011 by Solar Designer
 *
 * ...with changes in the jumbo patch for mingw and MSC, by JimF.
 *
 * Additional changes, Jim Fougeron
 * These changes fall under the normal Copyright of John the Ripper

Unfortunately, this "doesn't work".  There's no such thing as "the
normal Copyright of John the Ripper".  Our current practice is that
every author retains copyright to their code (new source files and major
changes to existing source files), but needs to license it such that the
code is usable in JtR.  We could say "the normal license" (not
"Copyright"), which maybe would imply GPLv2 for the free JtR, but it
would make things unclear re: ability to re-license future versions
differently (e.g., move to a new version of the GNU GPL) and for
possible use in JtR Pro.

The workaround I am likely to use is to license individual source files
of JtR that I wrote, but that need significant additions by others,
under more permissive terms - the same ones that I ask contributors to
license their new code under.  Then we'll have this for unique.c:

 * This file is part of John the Ripper password cracker,
 * Copyright (c) 1998,1999,2002,2003,2005,2006,2011 by Solar Designer
 * Copyright (c) 2011 Jim Fougeron
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted.

This is compatible both with the free JtR's GPLv2 and with JtR Pro's
proprietary license, as well as with Open Source licenses in general (in
case we need to move from GPLv2 to another license later, or in case
another Open Source project wants to reuse this source file).

Jim - does this work for you?

Unfortunately, since I currently want to retain the monopoly on being
able to make proprietary derivatives of JtR (such as JtR Pro), I'll need
to limit this approach to a subset of JtR's source files only, not apply
it to all files at once.  So when a community member wants to make
significant additions to a source file that is in JtR proper, he/she
needs to coordinate with me to have the original file re-licensed under
more relaxed terms like above.

A possible alternative to this would be to require authors to transfer
their copyright to me (feels weird) or to Openwall, Inc.  Nmap uses this
approach (with copyright transferred to Insecure.Com LLC).  But I don't
propose that we use this approach yet.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.