Date: Sun, 30 Sep 2012 00:43:56 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: Re: unrar license is not compatible with gpl, it is not free at all On 2012-09-29 16:47, magnum wrote: >> On Sat, Sep 29, 2012 at 7:20 AM, Alexander Cherepanov <cherepan@...me.ru> wrote: >>> I'm afraid you are. Although I'm not 100% sure -- I don't remember >>> exactly how GPL is applied to source-only distribution and I don't know >>> well enough which parts of john are under GPL, who their authors are and >>> how they interact. Maybe license exception from Solar is enough but >>> maybe not. [skip] > Is there a difference between just "GPL" and explicitly "GPL v2"? Not in this area. > This is a list of files containing any reference to GPL: > > $ git grep -l GPL > BFEgg_fmt_plug.c > alghmac.h > gladman_fileenc.h > gladman_hmac.c > gladman_hmac.h > gladman_pwd2key.c > gladman_pwd2key.h Gladman's files are dual-licensed and the main license seems to be BSD-like (without advertizing clause) so it should be ok without converting to GPL. > ike_fmt_plug.c > keepass2john.c > lowpbe.c > lowpbe.h > mozilla_des.c > mozilla_des.h > mozilla_fmt.c > npdf_fmt_plug.c > office2john.c > pfx2john.c > undrop.c > vnc_fmt_plug.c > vncpcap2john.cpp There are more files: $ git grep -l gpl opencl/cryptsha256_kernel_AMD.cl opencl/cryptsha256_kernel_DEFAULT.cl opencl/cryptsha256_kernel_NVIDIA.cl opencl/cryptsha512_kernel_AMD.cl opencl/cryptsha512_kernel_DEFAULT.cl opencl/cryptsha512_kernel_NVIDIA.cl opencl/msha_kernel.cl opencl/sha1_kernel.cl opencl/sha512-ng_kernel.cl opencl/sha512-ng_kernel_LOCAL.cl opencl/ssha_kernel.cl opencl_cryptsha256.h opencl_cryptsha256_fmt.c opencl_cryptsha512.h opencl_cryptsha512_fmt.c opencl_device_info.h opencl_mysqlsha1_fmt.c opencl_nsldaps_fmt.c opencl_rawsha1_fmt.c opencl_rawsha512-ng.h opencl_rawsha512-ng_fmt.c (not including unused/ ). > Of those, only the last two (VNC) says "GPL v2". We could opt to drop/rewrite those instead of RAR (in case it's the "v2" that is a problem, but maybe that's not it). It doesn't matter which version of GPL is used. It's a basic property of copyleft that you cannot include anything non-free. > After some thought I think it's very unlikely that just a source tree could possibly violate any license. So is the user violating a license when he/she builds JtR? Or is it only a violation when someone distributes a binary? It seems to be a big grey area and that the exact conclusion would be depended on details of how gpled parts are intermixed with other parts etc. Here are some examples of SFLC/FSF's decisions for comparison: - "PHP in WordPress themes must be GPL": http://wordpress.org/news/2009/07/themes-are-gpl-too/ IMO it's very similar to the situation with john's formats. - "Patches are still derivative works": http://circlemud.org/maillist/2001-10/0058.html This means that even moving of rar support into a patch will not help unless Solar adds a special exception into john's license. Some consider position of FSF overreaching but given non-freeness of unrar I'm not sure I want to dig into it any deeper. IMHO a realistic plan would be like this: - for Solar Designer to give you an exception to combine his files with unrar (this exception could be given to you personally instead of being applicable to general public); - create another git branch (say, unstable-jumbo-nonfree) from unstable-jumbo and remove everything GPL'd from it except for Solar's files (maybe even remove all formats except for rar); - remove rar from unstable-jumbo; - long-term: make free rar support based on The Unarchiver and drop the non-free one. In any case the text of GPLv2 should be included into the project. Distributing john without is not legal. The text is here: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.