HTTP Digest auth module for JtR, copyright issues

Solar Designer solar at
Mon Jan 19 03:00:13 UTC 2009


On Sun, Jan 18, 2009 at 08:46:09PM +0100, David Paleino wrote:
> Is "GPLv2 or later" ok to you? (that's to ensure inclusion in upstream code)

No license choice can "ensure" inclusion, it can merely "allow" for
inclusion.  OK, I am nitpicking.

More importantly, "GPLv2 or later" is not sufficient to allow for
inclusion upstream, as I explained in my posting:

Maybe I did not express it clearly enough...

By "dual-license" I definitely did not mean just the "v2 or later" thing,
I meant "GPL or something more permissive at the user's discretion" -
that is, besides GPL there has to be a more permissive license allowing
for proprietary derived works.

In a follow-up posting, I mentioned that I'd be happy if all
contributions, short of those placed in the public domain (which I like
best), were licensed under the micro-license found in nonstd.c:

 * This software may be modified, redistributed, and used for any purpose,
 * so long as its origin is acknowledged.

For the nitpickers, let's extend the suggested license to:

This software may be redistributed and used in source and binary forms,
with or without modification, so long as its origin is acknowledged.

This suggested wording resembles that of 2-clause BSD more closely, yet
it replaces the 2 clauses requiring specific attribution with the more
premissive wording from Matthew Kwan's micro-license.

Matthew Kwan's original wording, quoted above, has the same issue that
the ISC license does, where one might claim that redistribution of
modified versions was not permitted.  See:


More information about the Pkg-john-devel mailing list