Michael Jung wrote:

I would like to use source code from LibTomCrypt (http://libtomcrypt.org) in my implementation of rsaenh.dll (which I still hope has a remote chance of being accepted into wine ;-), in order to get rid of the OpenSSL dependencies.

Sounds good. I wonder if you can then build rsabase on top of it, if that's even necessary...?

LibTomCrypt is in the public domain. I have two questions:

1. What is the legaly correct way to do this? As I understand it, public

domain source can simply be taken as is and re-licensed under the LGPL. Is this correct? Am I allowed to remove the headers in the original file, which state that the code is public domain? How do you generally acknowledge the original author?

I think the way is to leave the original headers on there, and add the LGPL header above it, perhaps with a note saying something like:

/* This file was derived from code written by Tom St. Denis which the following license: */

2. A more technical question: LibTomCrypt's original sources are highly

customizable (A lot of conditional compilation and hook-functions). Since we have fairly special requirements for rsaenh, I could cut down the source code a lot. However, this would make it harder to incorporate code from a newer version of libtomcrypt, once it becomes available. Which way is preferable? Having less code or beeing easily upgradeable?

My aproach when incorporating code from other libraries has been to modify as little as possible, but remove all the #ifdefs and code that isn't relevant to the WIN32 platform.

It's likely that the code will diverge from libtomcrypt over time anyway, and there maybe be win32 "features" that we wish to implement... NSAKEY anybody? ;)

Mike

On Thu, Nov 04, 2004 at 01:39:34PM +0100, Michael Jung wrote:

I would like to use source code from LibTomCrypt (...). LibTomCrypt is in the public domain.

1. What is the legaly correct way to do this? As I understand it,

public domain source can simply be taken as is and re-licensed under the LGPL. Is this correct?

Yes, it is, but see below.

Am I allowed to remove the headers in the original file, which state that the code is public domain?

*If* the code is really public domain, then, yes, this is allowed. However, be aware that as, from what I gather from the website, the author seems to be alive at present, the code is *not* public domain in most of Europe. (Some of the rights granted by copyright are inalienable in most of Europe.) One could argue, though, that by putting "public domain" on the thing, the author's intention was to give you a license to remove his name.

I think it is better to keep the headers anyway, for trail of accountability reasons: If SCO comes and says they wrote this code, at least you know who to call to come to testify to court "No, *I* wrote that code".

Independent of legal reasons, I think that morally, by not using the lethal weapons carried by law enforcement to force us to keep his name on his work, Tom St Denis, on a moral level, deserves to be credited even more. He's nice with us, let's be nice with him.

How do you generally acknowledge the original author?

Something like what was suggested by Mike is fine.