lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 May 2014 12:02:46 -0400
From: Peregrine <peregrinebf@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] PHS API copyright?

Even though no one in their right mind would consider the signature
declaration to be copyrightable if the Oracle v. Google appeal ruling
stands it will be. A public-domain like license is probably the best bet,
since some countries don't allow works to be placed in the public domain.


On Sat, May 10, 2014 at 11:09 AM, Dennis E. Hamilton <
dennis.hamilton@....org> wrote:

> I think having clear copyright and statements on the PHS and the site
> materials are good things to do.  They keep everything clear.
>
> In my response to Bill Cox, I was thinking of the copyright on
> submissions, not on the PHS signature declaration.
>
> Also, a derivative header file where the parameters to PHS are made more
> specific and explicit would count as a separate work although the new
> copyright does not extend over the borrowed parts.  The additional material
> is subject to separate copyright.
>
> I am also not worried about the PHS signature and the specification of it
> given as part of the PHC.  That is not legal advice, of course.  Just the
> same, it is good practice to be clear what the copyright license conditions
> are, even if a work were eventually deemed not copyrightable.  Honoring the
> conditions is simply the safe thing to do.
>
>  - Dennis
>
> -----Original Message-----
> From: Jean-Philippe Aumasson [mailto:jeanphilippe.aumasson@...il.com]
> Sent: Saturday, May 10, 2014 07:35
> To: discussions@...sword-hashing.net
> Subject: Re: [PHC] PHS API copyright?
>
> I would not worry about the IP on the PHS API.
>
> FWIW, the PHS API consists of only one function prototype specified on
> https://password-hashing.net/call.html
>
> That prototype was agreed upon by a subset of the panel members,
> including myself. As copyright holders, I think we will all agree to
> license it to anyone under public domain-like terms (CC0, Unlicense,
> etc.).
>
> That said, I believe it is necessary to clarify intellectual property
> terms on the PHC website. I will discuss this with qualified people,
> and will add the relevant statements to the website. Hopefully next
> week.
>
>
>
> On Sat, May 10, 2014 at 6:16 AM, Dennis E. Hamilton
> <dennis.hamilton@....org> wrote:
> > Yes, Software did not have copyright until the 1976 revision of the
> > Copyright code.
> >
> >
> >
> > The original expression (not the part that is from another source) in all
> > software is a copyrighted work the minute it is put in tangible form.  So
> > the original part of your PHS contribution is already copyright by you.
> >
> >
> >
> > Those BSD and GPL notices incorporated in files do not change their
> > copyright status, they simply prescribe the allowable use by offering an
> > automatic license that is available so long as the terms and conditions
> are
> > honored.  I don't know what you put in the headings of your files, but if
> > you want to be clear, it is important to be explicit about what the
> > automatic license is to be, if any.  And if you have made a derivative of
> > (parts of) other work, the licenses on those works must be honored by
> you.
> >
> >
> >
> > For the most part, programs are used the way their authors intended and
> > there is no harm and no foul.
> >
> >
> >
> > What we're seeing here is a dispute among two commercial actors.  Oracle
> > certainly wants people to use their "API" (as clarified by the court
> > concerning what "API" is in the context of Java).  Oracle claims
> commercial
> > harm in the resultant "fork."  Apparently, the OpenJDK license was not
> > something Google was willing to honor.  We'll see how it goes when the
> > fair-use question is retried.
> >
> >
> >
> > -   Dennis
> >
> >
> >
> > From: Bill Cox [mailto:waywardgeek@...il.com]
> > Sent: Friday, May 9, 2014 17:49
> > To: discussions@...sword-hashing.net
> > Subject: Re: [PHC] PHS API copyright?
> >
> >
> >
> > On Fri, May 9, 2014 at 8:42 PM, Dennis E. Hamilton <
> dennis.hamilton@....org>
> > wrote:
> >
> > See
> >
> http://cafc.uscourts.gov/images/stories/opinions-orders/13-1021.Opinion.5-7-2014.1.PDF
> > for an extensive account given in the ruling itself in the "Background"
> > section.
> >
> >
> >
> > Thanks for the link. I read: The jury found that Google infringed
> Oracle's
> > copyrights in the 37 Java packages and a specific computer routine called
> > "rangeCheck,"
> >
> >
> >
> > Oracle succeeded in copyrighting their API.  Had this happened in the
> days
> > of Unix, God only knows what kind of computing we'd have today.
> >
> >
> >
> > Bill
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists