Question on MIT Kerberos Library licensing

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on MIT Kerberos Library licensing

Eran Messeri
Dear Kerberos Developers,

I'd like to use the MIT Kerberos library in an open-source Android
application I'm developing.
However, the people who reviewed the licenses had some concerns/questions.

Who's a good person to bring up these issues with? Is there someone on the
development team that deals with licenses for contributed code in
particular?

I'm happy to elaborate on the intended use - it's not confidential, and
pretty straightforward use of the Kerberos library.

Many thanks,
Eran
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Simo Sorce-3
On Thu, 2018-05-10 at 10:56 +0100, Eran Messeri wrote:

> Dear Kerberos Developers,
>
> I'd like to use the MIT Kerberos library in an open-source Android
> application I'm developing.
> However, the people who reviewed the licenses had some concerns/questions.
>
> Who's a good person to bring up these issues with? Is there someone on the
> development team that deals with licenses for contributed code in
> particular?
>
> I'm happy to elaborate on the intended use - it's not confidential, and
> pretty straightforward use of the Kerberos library.

Eran,
Maybe you can start by stating what License concerns were raised ?

The MIT Kerberos library uses one of the most liberal Open Source
licenses you can find, I am surprised if that's at issue, so I am
curious to know what's the perceived problem.

Simo.
 
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Eran Messeri
On Thu, May 10, 2018 at 1:38 PM, Simo Sorce <[hidden email]> wrote:

> On Thu, 2018-05-10 at 10:56 +0100, Eran Messeri wrote:
> > Dear Kerberos Developers,
> >
> > I'd like to use the MIT Kerberos library in an open-source Android
> > application I'm developing.
> > However, the people who reviewed the licenses had some
> concerns/questions.
> >
> > Who's a good person to bring up these issues with? Is there someone on
> the
> > development team that deals with licenses for contributed code in
> > particular?
> >
> > I'm happy to elaborate on the intended use - it's not confidential, and
> > pretty straightforward use of the Kerberos library.
>
> Eran,
> Maybe you can start by stating what License concerns were raised ?
>
> The MIT Kerberos library uses one of the most liberal Open Source
> licenses you can find, I am surprised if that's at issue, so I am
> curious to know what's the perceived problem.
>

The concerns were around the language related to the files contributed by
OpenVision.
In particular, the copyright and permission notice
<https://web.mit.edu/kerberos/krb5-1.12/doc/mitK5license.html> includes the
following:

"OpenVision retains all copyrights in the donated Source Code. OpenVision
also retains copyright to derivative works of the Source Code, whether
created by OpenVision or by a third party. The OpenVision copyright notice
must be preserved if derivative works are made based on the donated Source
Code."

The internal concern was around the potential broad applicability implied
by term "derivative works of the Source Code,  whether created by
OpenVision or by a third party.".


>
> Simo.
>
> --
> Simo Sorce
> Sr. Principal Software Engineer
> Red Hat, Inc
>
>
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Greg Hudson
On 05/10/2018 02:14 PM, Eran Messeri wrote:
> "OpenVision retains all copyrights in the donated Source Code. OpenVision
> also retains copyright to derivative works of the Source Code, whether
> created by OpenVision or by a third party. The OpenVision copyright notice
> must be preserved if derivative works are made based on the donated Source
> Code."

Speaking as the primary maintainer of MIT krb5, who is not a lawyer and
is not qualified to give legal advice:

My personal interpretation of this license text is just that OpenVision
does not assign copyright to the creators of derivative works when
providing permission to create derivative works.  Under that
interpretation, I don't think there is anything worrisome about it; it
just means that derivative works are jointly owned by OpenVision and the
author of the changes, as one would expect.  MIT krb5 has been used in a
number of commercial products, including by companies with big legal
departments, and I don't recall that particular license text raising a
concern in the past (although as I joined the project only ten years
ago, I wouldn't necessarily know about all issues raised).

I cannot speak for OpenVision, and I do not know for sure what happened
to that business entity or its IP portfolio.  The work covered by that
license was contributed in the early 1990s and is fairly extensive (it
includes the krb5 GSS mech and the kadmin subsystem).
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Simo Sorce-3
In reply to this post by Eran Messeri
On Thu, 2018-05-10 at 19:14 +0100, Eran Messeri wrote:

> On Thu, May 10, 2018 at 1:38 PM, Simo Sorce <[hidden email]> wrote:
>
> > On Thu, 2018-05-10 at 10:56 +0100, Eran Messeri wrote:
> > > Dear Kerberos Developers,
> > >
> > > I'd like to use the MIT Kerberos library in an open-source Android
> > > application I'm developing.
> > > However, the people who reviewed the licenses had some
> >
> > concerns/questions.
> > >
> > > Who's a good person to bring up these issues with? Is there someone on
> >
> > the
> > > development team that deals with licenses for contributed code in
> > > particular?
> > >
> > > I'm happy to elaborate on the intended use - it's not confidential, and
> > > pretty straightforward use of the Kerberos library.
> >
> > Eran,
> > Maybe you can start by stating what License concerns were raised ?
> >
> > The MIT Kerberos library uses one of the most liberal Open Source
> > licenses you can find, I am surprised if that's at issue, so I am
> > curious to know what's the perceived problem.
> >
>
> The concerns were around the language related to the files contributed by
> OpenVision.
> In particular, the copyright and permission notice
> <https://web.mit.edu/kerberos/krb5-1.12/doc/mitK5license.html> includes the
> following:
>
> "OpenVision retains all copyrights in the donated Source Code. OpenVision
> also retains copyright to derivative works of the Source Code, whether
> created by OpenVision or by a third party. The OpenVision copyright notice
> must be preserved if derivative works are made based on the donated Source
> Code."
>
> The internal concern was around the potential broad applicability implied
> by term "derivative works of the Source Code,  whether created by
> OpenVision or by a third party.".

For this kind of doubts the only good person to ask would be a lawyer.
I can only say that MIT is distributed by many third parties and none
of them seem to be overly concerned with the wording of the OpenVision
grant.

Simo.

--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Derek Atkins
In reply to this post by Greg Hudson
Hi,

Greg Hudson <[hidden email]> writes:

> I cannot speak for OpenVision, and I do not know for sure what happened
> to that business entity or its IP portfolio.  The work covered by that
> license was contributed in the early 1990s and is fairly extensive (it
> includes the krb5 GSS mech and the kadmin subsystem).

Does OpenVision still exist?  Thought they joined with @Stake and then,
I'm not sure what happened, and definitely don't know what happened to
their IP Portfolio.  I know that Marc Horowitz and I worked one some of
this IP.

Personally, I would not worry about it.

-derek
--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [hidden email]                        PGP key available
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Eran Messeri
In reply to this post by Simo Sorce-3
Thanks for the quick replies both, I'll pass them along.

I don't suppose anybody would remember who the original contributors are so
we could get the clarification directly from OpenVision or whoever retained
its IP portfolio?

Many thanks,
Eran

On Thu, May 10, 2018 at 8:05 PM, Simo Sorce <[hidden email]> wrote:

> On Thu, 2018-05-10 at 19:14 +0100, Eran Messeri wrote:
> > On Thu, May 10, 2018 at 1:38 PM, Simo Sorce <[hidden email]> wrote:
> >
> > > On Thu, 2018-05-10 at 10:56 +0100, Eran Messeri wrote:
> > > > Dear Kerberos Developers,
> > > >
> > > > I'd like to use the MIT Kerberos library in an open-source Android
> > > > application I'm developing.
> > > > However, the people who reviewed the licenses had some
> > >
> > > concerns/questions.
> > > >
> > > > Who's a good person to bring up these issues with? Is there someone
> on
> > >
> > > the
> > > > development team that deals with licenses for contributed code in
> > > > particular?
> > > >
> > > > I'm happy to elaborate on the intended use - it's not confidential,
> and
> > > > pretty straightforward use of the Kerberos library.
> > >
> > > Eran,
> > > Maybe you can start by stating what License concerns were raised ?
> > >
> > > The MIT Kerberos library uses one of the most liberal Open Source
> > > licenses you can find, I am surprised if that's at issue, so I am
> > > curious to know what's the perceived problem.
> > >
> >
> > The concerns were around the language related to the files contributed by
> > OpenVision.
> > In particular, the copyright and permission notice
> > <https://web.mit.edu/kerberos/krb5-1.12/doc/mitK5license.html> includes
> the
> > following:
> >
> > "OpenVision retains all copyrights in the donated Source Code. OpenVision
> > also retains copyright to derivative works of the Source Code, whether
> > created by OpenVision or by a third party. The OpenVision copyright
> notice
> > must be preserved if derivative works are made based on the donated
> Source
> > Code."
> >
> > The internal concern was around the potential broad applicability implied
> > by term "derivative works of the Source Code,  whether created by
> > OpenVision or by a third party.".
>
> For this kind of doubts the only good person to ask would be a lawyer.
> I can only say that MIT is distributed by many third parties and none
> of them seem to be overly concerned with the wording of the OpenVision
> grant.
>
> Simo.
>
> --
> Simo Sorce
> Sr. Principal Software Engineer
> Red Hat, Inc
>
>
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Simo Sorce-3
On Fri, 2018-05-11 at 16:45 +0100, Eran Messeri wrote:
> Thanks for the quick replies both, I'll pass them along.
>
> I don't suppose anybody would remember who the original contributors are so
> we could get the clarification directly from OpenVision or whoever retained
> its IP portfolio?

A quick search on Google gave this:
https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapI
d=32475

"As of April 25, 1997, Openvision Technologies was acquired by Veritas
Software Corp."

Also recorded here:
https://en.wikipedia.org/wiki/Veritas_Technologies

Tracking down where they IP has gone is probably going to be hard
anyway due to the complicated history of this company.

Simo.

--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Derrick Brashear
In reply to this post by Derek Atkins
I thought Veritas bought OpenVision, and @Stake was something new.

On Fri, May 11, 2018 at 10:22 AM, Derek Atkins <[hidden email]> wrote:

> Hi,
>
> Greg Hudson <[hidden email]> writes:
>
> > I cannot speak for OpenVision, and I do not know for sure what happened
> > to that business entity or its IP portfolio.  The work covered by that
> > license was contributed in the early 1990s and is fairly extensive (it
> > includes the krb5 GSS mech and the kadmin subsystem).
>
> Does OpenVision still exist?  Thought they joined with @Stake and then,
> I'm not sure what happened, and definitely don't know what happened to
> their IP Portfolio.  I know that Marc Horowitz and I worked one some of
> this IP.
>
> Personally, I would not worry about it.
>
> -derek
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        [hidden email]                        PGP key available
> _______________________________________________
> krbdev mailing list             [hidden email]
> https://mailman.mit.edu/mailman/listinfo/krbdev
>



--
Daria Phoebe Brashear
AuriStor, Inc
dariaphoebe.com
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: Question on MIT Kerberos Library licensing

Derek Atkins

Frankly I don't recall.  I was only a summer employee there.  Like I
said, Marc would probably know more.  Or we could bug Dan Geer.

(and sorry for the late response -- apparently this mail got stuck on my
laptop's mail queue and only recently got flushed!!

-derek

Daria Phoebe Brashear <[hidden email]> writes:

> I thought Veritas bought OpenVision, and @Stake was something new.
>
> On Fri, May 11, 2018 at 10:22 AM, Derek Atkins <[hidden email]> wrote:
>
>     Hi,
>    
>     Greg Hudson <[hidden email]> writes:
>    
>     > I cannot speak for OpenVision, and I do not know for sure what happened
>     > to that business entity or its IP portfolio.  The work covered by that
>     > license was contributed in the early 1990s and is fairly extensive (it
>     > includes the krb5 GSS mech and the kadmin subsystem).
>    
>     Does OpenVision still exist?  Thought they joined with @Stake and then,
>     I'm not sure what happened, and definitely don't know what happened to
>     their IP Portfolio.  I know that Marc Horowitz and I worked one some of
>     this IP.
>    
>     Personally, I would not worry about it.
>    
>     -derek
>     --
>            Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>            Member, MIT Student Information Processing Board  (SIPB)
>            URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>            [hidden email]                        PGP key available
>     _______________________________________________
>     krbdev mailing list             [hidden email]
>     https://mailman.mit.edu/mailman/listinfo/krbdev
>
> --
> Daria Phoebe Brashear
> AuriStor, Inc
> dariaphoebe.com
>

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [hidden email]                        PGP key available

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev