problematic pkcs11 license

Florian Weimer fweimer at redhat.com
Wed Apr 28 10:16:08 UTC 2021


* Matthias Klose:

> A Debian issue points out a problematic license for some imported header files,
> see https://bugs.debian.org/985765, and also https://bugs.debian.org/952951
> pointing out the issue with the OASIS license.
>
> The header files currently have
>
> /* Copyright (c) OASIS Open 2016-2019. All Rights Reserved.
>  * Distributed under the terms of the OASIS IPR Policy,
>  * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
>  * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS
> FOR A
>  * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
>  */
>
> The proposed alternative headers from NSS (which is already used as a build
> dependency for OpenJDK), have:
>
> /* This Source Code Form is subject to the terms of the Mozilla Public
>  * License, v. 2.0. If a copy of the MPL was not distributed with this
>  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
> /*
>  * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
>  * is granted provided that it is identified as "RSA Security In.c Public-Key
>  * Cryptography Standards (PKCS)" in all material mentioning or referencing
>  * this document.
>  *
>  * The latest version of this header can be found at:
>  *    http://www.rsalabs.com/pkcs/pkcs-11/index.html
>  */
>
> Is this something which could be addressed upstream? Which group to
> contact?

For some additional context on the OASIS license, there is also a
discussion here:

<https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/2QXHMTZ47DMMARJVI6PUMSYUPVFAGLCV/>

Thanks,
Florian



More information about the jdk-dev mailing list