crypt-rijndael icon indicating copy to clipboard operation
crypt-rijndael copied to clipboard

Published 20 hours ago verified publisher icon Leont

License

Open ppisar opened this issue 10 years ago • 6 comments

I'm confused regarding license that covers the Crypt-Rijndael-1.13.

Rijndael.xs states LGPLv2+. Rijandel.pm stated LGPLv3. ppport.h comes from perl and requires (GPL+ or Artistic). COPYING quotes LGPLv3+.

While it's fine that each file has different license, after compiling the code and executing it, the effective license becomes GPLv3. Is that what you intended?

ppisar avatar Sep 23 '15 12:09 ppisar

I hadn't realized the ppport issue, that was certainly not the intention. IMO the LGPL is unfortunate in this particular case, but that wasn't my choice. I'm considering replacing the AES implementation inside, which means pretty much a rewrite from scratch of most pieces I haven't rewritten already, that might actually be the cleanest way out eventually (but IANAL).

Leont avatar Sep 23 '15 13:09 Leont

On Wed, Sep 23, 2015 at 06:17:29AM -0700, Leon Timmermans wrote:

I hadn't realized the ppport issue, that was certainly not the intention. IMO the LGPL is an unfortunate choice in this particular case, but that wasn't my choice. I'm considering replacing the AES implementation inside, which means pretty much a rewrite from scratch of most pieces I haven't rewritten already, that might actually be the cleanest way out eventually.

I see. I know there is Crypt-OpenSSL-AES that uses OpenSSL for the cryptography. If user pretends that OpenSSL is a system wide library, then it's compatible with GPL. I don't know much about Artistic and OpenSSL lincense compatibility. Is there reason why to keep Crypt-Rijandel alive?

-- Petr

ppisar avatar Sep 23 '15 14:09 ppisar

OpenSSL may not be around on all systems, its license is a bit tricky in its own way, and Crypt-OpenSSL-AES doesn't implement the cryptographic modes (Crypt::CBC and the like add almost an order-of-magnitude in time, because they're implementing a tight loop in Perl).

Leont avatar Sep 23 '15 15:09 Leont

Another issue is that the META.json file just specified license: open_source, which is obviously wrong.

autarch avatar Mar 13 '19 17:03 autarch

Another issue is that the META.json file just specified license: open_source, which is obviously wrong.

Should be fixable: https://metacpan.org/pod/CPAN::Meta::Spec#license

But its not clear what one does to disambiguate between "LGPL-2.1 only" and "LGPL-2.1+" shrug

kentfredric avatar Jul 02 '20 12:07 kentfredric

https://github.com/Leont/crypt-rijndael/blob/3ea315a28abf53844e029d2e14ded20c141662c8/rijndael.h#L4-L9 https://github.com/Leont/crypt-rijndael/blob/3ea315a28abf53844e029d2e14ded20c141662c8/Rijndael.xs#L4-L9 https://github.com/Leont/crypt-rijndael/blob/3ea315a28abf53844e029d2e14ded20c141662c8/Rijndael.pm#L132-L137 https://github.com/Leont/crypt-rijndael/blob/3ea315a28abf53844e029d2e14ded20c141662c8/_rijndael.c#L4-L9

As-is, more files declare LGPL2.1+ than declare LGPL3.

kentfredric avatar Jul 02 '20 12:07 kentfredric