lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <35245979.F6S9gYasto@merkaba>
Date:   Tue, 12 Feb 2019 21:34:49 +0100
From:   Martin Steigerwald <martin@...htvoll.de>
To:     debian-legal@...ts.debian.org
Cc:     Jens Axboe <axboe@...nel.dk>, Ben Finney <bignose@...ian.org>,
        Martin Steigerwald <Martin.Steigerwald@...act.de>,
        Domenico Andreoli <cavok@...ian.org>, 919356@...s.debian.org,
        Kristian Fiskerstrand <k_f@...too.org>,
        Nadia Yvette Chambers <nyc@...omorphy.com>,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jens Axboe <jens.axboe@...cle.com>
Subject: Re: Bug#919356: Licensing of include/linux/hash.h

Jens Axboe - 12.02.19, 17:16:
> On 2/11/19 11:27 PM, Ben Finney wrote:
> > Martin Steigerwald <Martin.Steigerwald@...act.de> writes:
> >> Well the file has in its header:
> >> 
> >> /* Fast hashing routine for a long.
> >> 
> >>    (C) 2002 William Lee Irwin III, IBM */
> >> 
> >> /*
> >> 
> >>  * Knuth recommends primes in approximately golden ratio to the
> >>  maximum * integer representable by a machine word for
> >>  multiplicative hashing. * Chuck Lever verified the effectiveness
> >>  of this technique:
> >>  * http://www.citi.umich.edu/techreports/reports/citi-tr-00-1.pdf
> >>  *
> >>  * These primes are chosen to be bit-sparse, that is operations on
> >>  * them can use shifts and additions instead of multiplications for
> >>  * machines where multiplications are slow.
> >>  */
> >> 
> >> It has been quite a while ago. I bet back then I did not regard
> >> this
> >> as license information since it does not specify a license. Thus I
> >> assumed it to be GPL-2 as the other files which have no license
> >> boiler plate. I.e.: Check file is it has different license, if
> >> not, then assume it has license as specified in COPYING.
> >> 
> >> Not specifying a license can however also mean in this context that
> >> it has no license as the file contains copyright information from
> >> another author.
> > 
> > If a work (even one file) “has no license”, that means no special
> > permissions are granted and normal copyright applies: All rights
> > reserved, i.e. not redistributable. So, no license is grounds to
> > consider a work non-free and non-redistributable.
> > 
> > If, on the other hand, the file is to be free software, there would
> > need to be a clear grant of some free software license to that
> > work.
> > 
> > Given the confusion over this file, I would consider it a
> > significant
> > risk to just assume we have GPLv2 permissions without being told
> > that
> > explicitly by the copyright holder. Rather, the reason we are
> > seeking a clearly-granted free license for this one file, is
> > because we are trying to replace a probably non-free file with the
> > same code in it.
> > 
> > It seems we need to keep looking, and in the meantime assume we have
> > no free license in this file.
> 
> FWIW, fio.c includes the following mention:
> 
>  * The license below covers all files distributed with fio unless
> otherwise * noted in the file itself.
> 
> followed by the GPL v2 license. I'll go through and add SPDX headers
> to everything to avoid wasting anymore time on this nonsense.

Thank you, Jens, for settling this. I did not remember that one. It may 
very well be that I have seen this note as I initially packaged fio as my 
first package for Debian about 10 years ago.

I forwarded your mail and the one from Domenico with the SPDX patch to 
Debian bug

#922112 fio: hash.h is not DFSG compliant
https://bugs.debian.org/922112

which I closed before as you told already that hash.c is GPL-2.

Thanks,
-- 
Martin


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ