Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Sep 2012 00:43:56 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: unrar license is not compatible with gpl, it is not
 free at all

On 2012-09-29 16:47, magnum wrote:
>> On Sat, Sep 29, 2012 at 7:20 AM, Alexander Cherepanov <cherepan@...me.ru> wrote:
>>> I'm afraid you are. Although I'm not 100% sure -- I don't remember
>>> exactly how GPL is applied to source-only distribution and I don't know
>>> well enough which parts of john are under GPL, who their authors are and
>>> how they interact. Maybe license exception from Solar is enough but
>>> maybe not.
[skip]
> Is there a difference between just "GPL" and explicitly "GPL v2"? 

Not in this area.

> This is a list of files containing any reference to GPL:
> 
> $ git grep -l GPL
> BFEgg_fmt_plug.c
> alghmac.h
> gladman_fileenc.h
> gladman_hmac.c
> gladman_hmac.h
> gladman_pwd2key.c
> gladman_pwd2key.h

Gladman's files are dual-licensed and the main license seems to be
BSD-like (without advertizing clause) so it should be ok without
converting to GPL.

> ike_fmt_plug.c
> keepass2john.c
> lowpbe.c
> lowpbe.h
> mozilla_des.c
> mozilla_des.h
> mozilla_fmt.c
> npdf_fmt_plug.c
> office2john.c
> pfx2john.c
> undrop.c
> vnc_fmt_plug.c
> vncpcap2john.cpp

There are more files:

$ git grep -l gpl
opencl/cryptsha256_kernel_AMD.cl
opencl/cryptsha256_kernel_DEFAULT.cl
opencl/cryptsha256_kernel_NVIDIA.cl
opencl/cryptsha512_kernel_AMD.cl
opencl/cryptsha512_kernel_DEFAULT.cl
opencl/cryptsha512_kernel_NVIDIA.cl
opencl/msha_kernel.cl
opencl/sha1_kernel.cl
opencl/sha512-ng_kernel.cl
opencl/sha512-ng_kernel_LOCAL.cl
opencl/ssha_kernel.cl
opencl_cryptsha256.h
opencl_cryptsha256_fmt.c
opencl_cryptsha512.h
opencl_cryptsha512_fmt.c
opencl_device_info.h
opencl_mysqlsha1_fmt.c
opencl_nsldaps_fmt.c
opencl_rawsha1_fmt.c
opencl_rawsha512-ng.h
opencl_rawsha512-ng_fmt.c

(not including unused/ ).

> Of those, only the last two (VNC) says "GPL v2". We could opt to drop/rewrite those instead of RAR (in case it's the "v2" that is a problem, but maybe that's not it).

It doesn't matter which version of GPL is used. It's a basic property of
copyleft that you cannot include anything non-free.

> After some thought I think it's very unlikely that just a source tree could possibly violate any license. So is the user violating a license when he/she builds JtR? Or is it only a violation when someone distributes a binary?

It seems to be a big grey area and that the exact conclusion would be
depended on details of how gpled parts are intermixed with other parts
etc. Here are some examples of SFLC/FSF's decisions for comparison:

- "PHP in WordPress themes must be GPL":

  http://wordpress.org/news/2009/07/themes-are-gpl-too/

IMO it's very similar to the situation with john's formats.

- "Patches are still derivative works":

  http://circlemud.org/maillist/2001-10/0058.html

This means that even moving of rar support into a patch will not help
unless Solar adds a special exception into john's license.

Some consider position of FSF overreaching but given non-freeness of
unrar I'm not sure I want to dig into it any deeper.

IMHO a realistic plan would be like this:
- for Solar Designer to give you an exception to combine his files with
unrar (this exception could be given to you personally instead of being
applicable to general public);
- create another git branch (say, unstable-jumbo-nonfree) from
unstable-jumbo and remove everything GPL'd from it except for Solar's
files (maybe even remove all formats except for rar);
- remove rar from unstable-jumbo;
- long-term: make free rar support based on The Unarchiver and drop the
non-free one.

In any case the text of GPLv2 should be included into the project.
Distributing john without is not legal. The text is here:

  https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.