Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Feb 2012 03:08:12 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Cc: romain.raboin@...il.com
Subject: Re: copyright and license statements

Romain, magnum -

On Thu, Jan 12, 2012 at 06:02:03AM +0100, magnum wrote:
> On 01/11/2012 05:36 AM, Solar Designer wrote:
> > When you make non-trivial changes to source files that I or someone else
> > wrote, you become a copyright holder to those derived works.  So, yes,
> > you can claim copyright, and I (and/or other authors) remain copyright
> > holders as well.  You don't have to document what exactly your copyright
> > applies to (which portions of the source file), but doing so is helpful.
> 
> I'll revise my statements. Here is an example:
> 
>  /*  HTTP Digest access authentication patch for john
>   *
>   * Written by Romain Raboin - romain.raboin at gmail.com
>   *
> + * OMP and intrinsics support: Copyright magnum 2012 and hereby
> + * released to the general public under the following terms:
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, is permitted.
>   */
> 
> The original file had no statements at all, but my added statements just
> applies to my changes. Does this make sense?

Not quite.  We need Romain's explicit permission to place his code under
that license - and then we'll apply the license to the entire thing,
including your changes.  Romain - is this OK with you?  Or better yet,
can you send us a patch changing the "Written by" to "Copyright" (and
year written) and adding the words "Redistribution and use in source and
binary forms, with or without modification, are permitted." ?  Please do.

Indeed, it is also possible and helpful to add informative comments on
who wrote what in that file, but they should preferably be outside of
the copyright + license statement (as long as we use the permissive
license above, so we should have no need to ask an individual copyright
holder to re-license their portion of the contribution).

In case Romain does not grant this license (or a suitable alternative),
it appears that if the set of JtR formats is considered a "collective
work", then we may still keep and redistribute Romain's contribution as
part of JtR, but our abilities to potentially reuse the code differently
are close to non-existent (very bad):

http://copyright.gov/title17/92chap2.html

"In the absence of an express transfer of the copyright or of any rights
under it, the owner of copyright in the collective work is presumed to
have acquired only the privilege of reproducing and distributing the
contribution as part of that particular collective work, any revision of
that collective work, and any later collective work in the same series."

http://www.ivanhoffman.com/derivative3.html

"A collective work is a work, such as a periodical issue, anthology, or
encyclopedia, in which a number of contributions, constituting separate
and independent works in themselves, are assembled into a collective
whole."

Alternatively, since JtR was available to Romain under GNU GPLv2 (and no
other license), which requires derivative works to also fall under that
license, it can be said that if his contribution is a "derivative work",
then it is under GNU GPLv2.  However, that does not leave me the
flexibility for re-licensing of JtR that I'd prefer to have.

It is not obvious to me which case applies and whether this choice is up
to me or not.  Also, things may vary by jurisdiction.

Overall, we're on thin ice with not explicitly licensed contributions
like this, so we need explicit licenses - like I requested above.

Disclaimer: I am not a lawyer.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.