problematic pkcs11 license

Matthias Klose doko at ubuntu.com
Tue Apr 27 06:33:27 UTC 2021


A Debian issue points out a problematic license for some imported header files,
see https://bugs.debian.org/985765, and also https://bugs.debian.org/952951
pointing out the issue with the OASIS license.

The header files currently have

/* Copyright (c) OASIS Open 2016-2019. All Rights Reserved.
 * Distributed under the terms of the OASIS IPR Policy,
 * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
 * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS
FOR A
 * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
 */

The proposed alternative headers from NSS (which is already used as a build
dependency for OpenJDK), have:

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
 * is granted provided that it is identified as "RSA Security In.c Public-Key
 * Cryptography Standards (PKCS)" in all material mentioning or referencing
 * this document.
 *
 * The latest version of this header can be found at:
 *    http://www.rsalabs.com/pkcs/pkcs-11/index.html
 */

Is this something which could be addressed upstream? Which group to contact?

Thanks, Matthias


More information about the jdk-dev mailing list