lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003b01cf6c61$c9866790$5c9336b0$@acm.org>
Date: Sat, 10 May 2014 08:09:05 -0700
From: "Dennis E. Hamilton" <dennis.hamilton@....org>
To: <discussions@...sword-hashing.net>
Subject: RE: [PHC] PHS API copyright?

I think having clear copyright and statements on the PHS and the site materials are good things to do.  They keep everything clear.

In my response to Bill Cox, I was thinking of the copyright on submissions, not on the PHS signature declaration.

Also, a derivative header file where the parameters to PHS are made more specific and explicit would count as a separate work although the new copyright does not extend over the borrowed parts.  The additional material is subject to separate copyright.  

I am also not worried about the PHS signature and the specification of it given as part of the PHC.  That is not legal advice, of course.  Just the same, it is good practice to be clear what the copyright license conditions are, even if a work were eventually deemed not copyrightable.  Honoring the conditions is simply the safe thing to do.

 - Dennis

-----Original Message-----
From: Jean-Philippe Aumasson [mailto:jeanphilippe.aumasson@...il.com] 
Sent: Saturday, May 10, 2014 07:35
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHS API copyright?

I would not worry about the IP on the PHS API.

FWIW, the PHS API consists of only one function prototype specified on
https://password-hashing.net/call.html

That prototype was agreed upon by a subset of the panel members,
including myself. As copyright holders, I think we will all agree to
license it to anyone under public domain-like terms (CC0, Unlicense,
etc.).

That said, I believe it is necessary to clarify intellectual property
terms on the PHC website. I will discuss this with qualified people,
and will add the relevant statements to the website. Hopefully next
week.



On Sat, May 10, 2014 at 6:16 AM, Dennis E. Hamilton
<dennis.hamilton@....org> wrote:
> Yes, Software did not have copyright until the 1976 revision of the
> Copyright code.
>
>
>
> The original expression (not the part that is from another source) in all
> software is a copyrighted work the minute it is put in tangible form.  So
> the original part of your PHS contribution is already copyright by you.
>
>
>
> Those BSD and GPL notices incorporated in files do not change their
> copyright status, they simply prescribe the allowable use by offering an
> automatic license that is available so long as the terms and conditions are
> honored.  I don't know what you put in the headings of your files, but if
> you want to be clear, it is important to be explicit about what the
> automatic license is to be, if any.  And if you have made a derivative of
> (parts of) other work, the licenses on those works must be honored by you.
>
>
>
> For the most part, programs are used the way their authors intended and
> there is no harm and no foul.
>
>
>
> What we're seeing here is a dispute among two commercial actors.  Oracle
> certainly wants people to use their "API" (as clarified by the court
> concerning what "API" is in the context of Java).  Oracle claims commercial
> harm in the resultant "fork."  Apparently, the OpenJDK license was not
> something Google was willing to honor.  We'll see how it goes when the
> fair-use question is retried.
>
>
>
> -   Dennis
>
>
>
> From: Bill Cox [mailto:waywardgeek@...il.com]
> Sent: Friday, May 9, 2014 17:49
> To: discussions@...sword-hashing.net
> Subject: Re: [PHC] PHS API copyright?
>
>
>
> On Fri, May 9, 2014 at 8:42 PM, Dennis E. Hamilton <dennis.hamilton@....org>
> wrote:
>
> See
> http://cafc.uscourts.gov/images/stories/opinions-orders/13-1021.Opinion.5-7-2014.1.PDF
> for an extensive account given in the ruling itself in the "Background"
> section.
>
>
>
> Thanks for the link. I read: The jury found that Google infringed Oracle's
> copyrights in the 37 Java packages and a specific computer routine called
> "rangeCheck,"
>
>
>
> Oracle succeeded in copyrighting their API.  Had this happened in the days
> of Unix, God only knows what kind of computing we'd have today.
>
>
>
> Bill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ