-
Notifications
You must be signed in to change notification settings - Fork 444
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Licensing questions #1388
Comments
We don't have a workaround for this; we have been willing to accept and use CC0 code, as it is not our goal to resolve issues about patents. |
Thank you very much for clarification! |
Can I ask what the implication is of this? Will you exclude CC0 algorithms in |
We hope we will include them as an exception |
What license is preferred? My sense is that much of the CC0-licensed code is from academics who were trying to be as liberal as possible in their licensing and were under the impression that it was better to say "CC0" than "public domain" since "public domain" is apparently a poorly defined concept. I think that in many of those cases it may be possible to approach them asking for dual licensing of CC0 and some other appropriate license. |
We are only the authors of parts of this, generally the common code but not the algorithms, which are usually sourced from other open source implementations. |
Could you please help us establishing the contacts with the authors with original code, if necessary? License is a big concern for us. |
https://fedoraproject.org/wiki/Licensing:Main#Good_Licenses is a list of licenses appropriate for Fedora. As your library is a de-facto standard implementation for now, it's an important question. |
Are you sure that link is correct? If it were I'd be confused: CC0 is on the "Good licenses" list above (as is MIT -- which is our "main" license). |
Did you see the files within the docs tree? They contain all author's names. For the biggest chunk of CC0 algorithms, the fastest path to resolving any issue is probably by you contacting a colleague within your own company (Michael Osborne @ IBM Zurich). |
Everything is fine with MIT. I try to manage what's real situation with CC0. |
https://fedoraproject.org/wiki/Licensing:Main#Good_Licenses is outdated, see the warning at the very top of the page. The relevant list is https://docs.fedoraproject.org/en-US/legal/allowed-licenses/, which lists CC0-1.0 as allowed content license, but not as allowed license. The distinction is explained at https://docs.fedoraproject.org/en-US/legal/license-approval/#_allowed_for_content, where it clearly says "'Content' means any material that is not code." |
Kyber and Dilithium licenses have been updated to dual license with Apache-2.0. I will create a PR to reflect the change. |
See PR #1403. This applies to the generic and AVX2 versions pulled from pqcrystals. The ARM versions pulled from pqclean are still under CC0. |
Replaced by #1437. |
I'm going to bring liboqs to Fedora and dealing with the licenses. We have some questions to be discussed internally and one I want to raise immediately.
As of 2022-08-01 CC0 is prohibited for code included in Fedora because it contains an express exclusion of patent permissions, and AFAIK it is not the only distro with similar problem. Is there any relevant workaround for this?
The text was updated successfully, but these errors were encountered: