Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 12 Jan 2012 06:02:03 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: copyright and license statements

On 01/11/2012 05:36 AM, Solar Designer wrote:
> When you make non-trivial changes to source files that I or someone else
> wrote, you become a copyright holder to those derived works.  So, yes,
> you can claim copyright, and I (and/or other authors) remain copyright
> holders as well.  You don't have to document what exactly your copyright
> applies to (which portions of the source file), but doing so is helpful.

I'll revise my statements. Here is an example:

 /*  HTTP Digest access authentication patch for john
  *
  * Written by Romain Raboin - romain.raboin at gmail.com
  *
+ * OMP and intrinsics support: Copyright magnum 2012 and hereby
+ * released to the general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, is permitted.
  */

The original file had no statements at all, but my added statements just
applies to my changes. Does this make sense?


> However, for some other source files I think that would be problematic.
> For example, I am uncomfortable about lifting the GPL restrictions from
> rules.c for everyone at once because that file may be of (more) interest
> to (potential) proprietary password cracker programs.  I'd like to
> retain the right to issue such non-GPL licenses to them explicitly.  If
> you simply add your copyright statement to that file, which you should
> given your contributions to it in jumbo so far, then I am stuck with
> GPLv2, not being able to re-license the file in the future (neither for
> everyone at once nor for specific companies, etc.) without coordinating
> with you (which may even involve paperwork each time we're talking
> re-licensing for a specific company).  I see the following ways to
> resolve this for such source files:
> 
> 1. Move your non-trivial contributions to separate (new) source files
> such that you can unambiguously apply your copyright statement and our
> standard permissive cut-down BSD license just to those.  Modify the
> original file (such as rules.c) in trivial ways only - e.g., adding
> calls into functions found in your new file.

This is optimal but it's too complicated. Typically I would hack away
until things are good. Then I would need to revert everything and move
it to another file. I don't think it's gonna happen in reality.


> 2. Don't retain your copyright to your changes to shared files, but
> instead transfer copyright either to me or to a legal entity that will
> be the copyright holder for JtR - perhaps to Openwall, Inc.  IIRC, this
> is the approach that e.g. the Nmap project is using (with copyright for
> contributions transferred to Insecure.Com LLC).  You will continue to be
> credited as an author of those files anyway, but not be a copyright
> holder.  (Authorship and copyright are distinct things.)

This is fine with me. Could this too be accomplished with just a
standard text that I add in the top comments? Ideally, there should be
an example of such a text on the licensing wiki page!


Another example, here is the current NT_fmt comments:

 /* NTLM patch for john (performance improvement)
  *
  * Written by Alain Espinosa <alainesp at gmail.com> in 2007.  No copyright
  * is claimed, and the software is hereby placed in the public domain.
  * In case this attempt to disclaim copyright and place the software in the
  * public domain is deemed null and void, then the software is
  * Copyright (c) 2007 Alain Espinosa and it is hereby released to the
  * general public under the following terms:
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted.
  *
  * There's ABSOLUTELY NO WARRANTY, express or implied.
  *
  * (This is a heavily cut-down "BSD license".)
  *
+ * UTF-8 support and performance tweaks by magnum 2011, same terms as
above.
+ *
  */

I did not want to repeat the same text... so does this "same terms as
above" make sense? Or should I change to this:

  * Written by Alain Espinosa <alainesp at gmail.com> in 2007 and
  * modified by magnum in 2011.  No copyright is claimed, and the
  ...


Two files I'm notoriously unsure of are rc4.h and rc4.c. I could place a
copyright in them but it would seem silly. Unless you have a better idea
I think I'll leave them as-is.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.