curl-library

Re: [Patch] Rewrite of security.c?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 8 Sep 2010 23:54:58 +0200 (CEST)

On Mon, 30 Aug 2010, Julien Chaffraix wrote:

> following the comment at the beginning of security.c I gave a try at
> rewriting the file. The diff against trunk is attached along with the new
> implementation. It passes all the tests on my machine but the compilation
> has not been tested outside a Linux/32bit machine. The diff is pretty big
> and can be split upon demand to ease review.

Whoa, very cool work! Sorry for being slow at responding, it slipped between
somehow.

I fear that security.c is mostly used for kerberos4 and possibly some gssapi
stuff and I must admit that I have _never_ used any of those since the days we
first introduced krb4 (when I was given a krb account to borrow for a few
days) so if we go this route I think we just need to trust that the tests are
decent enough to at least not break everything completely and then wish and
hope that someone who actually uses krb4 or gss will try it.

> Also I tried to get some legal advice whether such work would be considered
> a proper rewrite and did not get an answer so this must be reviewed by
> someone with more OSS / legal experience.

I'm convinced nobody will stick out their chin and make any such bold
statements unconditionally without having checked the details very carefully.
And I don't think any law-person will do that for us just like that.

The original code that the copyright covers was first modified quite a lot by
Martin Hedenfalk to adapt it to curl, and then I did my share at curlifying
it. That was even before the file first appeared in the directory as the first
version we can find with git (September 2000). From there, the file has been
further modified. Now you've modified it a lot on top of all this. Are there
any traces left that would warrant a copyright and thus a say in which license
to use?

In all fairness, however much I'd like to just get out of that annoying
announce license, I can spot similarities in the patched code and the original
code we imported into curl. They are close enough to be seen by a human eye
looking for it. Are they big enough to warrant copyright? I don't know, but in
this case I'd rather leave the copyright in just to be safe and play nice.

But, given that you've worked a lot on this and fixed a bunch of issues and
quirks in the code, I think we should proceed and merge your patch even if it
doesn't (yet) remove the Original BSD license from the file.

What do you think? Am I wrong?

-- 
  / daniel.haxx.se
Received on 2010-09-08