All,
Ok so we have started a cryptography team. There is a new Cryptography List you can sign up at: http://lists.squeakfoundation.org/mailman/listinfo/cryptography
We are still looking for volunteers if you have an interest, have some experience, or need cryptography for your application please volunteer.
We are starting with ASN.1 which could also be used to help optimize communications between systems. From there we will move on to x.509v3 and PGP.
One of our members suggested that we contact Cincom, which we did. We asked if a port of Cincom code was possible, and we received a positive reply. The only issue that came up was about license rights. We are waiting for a more definite response, but so far they are not comfortable with Squeak license. They would prefer LGPL or the Artistic License for the code that we port from them directly.
I've read through them but I'm not an expert on licenses. Can you give me your reactions to using either one of these license models for our cryptography packages? What would the general reaction be? Has anyone compared the models enough to tell me the difference between Squeak and LGPL? For LGPL I understood the extra requirements to separate functionality of the package form the applications so that it can be run separately and the source code availability requirements which considering that this is smalltalk and source is always available we can include the license on the class comment to make sure that developers include this notice in their applications. We have not decided to go this route; we are just exploring the options.
Also, there are currently PKI classes in the base image. Those classes are duplicated in the current cryptographic package. Does anyone have an opinion on whether or not cryptographic classes should be in the base image? If so what pieces do you think should be there?
Your thoughts are welcome.
Thanks,
Ron Teitelbaum
On 10/21/05, Ron Teitelbaum Ron@usmedrec.com wrote:
One of our members suggested that we contact Cincom, which we did. We asked if a port of Cincom code was possible, and we received a positive reply.
That'd be great, because VW contains everything up to a functioning SSL implementation (I never understood why they took the trouble to go that far, but hey, it's cool and if they want to share it... ;)).
They would prefer LGPL or the Artistic License for the code that we port from them directly.
I think the Artistic License is the most free, and a quick read doesn't show any glaring problems. For a non-base package LGPL would do just fine. Richard Stallman narrowed LGPL's scope for GNU Smalltalk to a workable definition of 'linking', etcetera, which means that chances that the FSF will come down and hunt you (on who's behalf anyway?) are slight. For a base package LGPL would IMO still be fine, but people are likely to object.
I think Artistic is in spirit quite close to Squeak-L, but IANAL etcetera :)
Personally, for getting access to that large volume of crypto code, I'd be happy with either.
On 20.10.2005, at 23:46, Ron Teitelbaum wrote:
I've read through them but I'm not an expert on licenses. Can you give me your reactions to using either one of these license models for our cryptography packages? What would the general reaction be? Has anyone compared the models enough to tell me the difference between Squeak and LGPL? For LGPL I understood the extra requirements to separate functionality of the package form the applications so that it can be run separately and the source code availability requirements which considering that this is smalltalk and source is always available we can include the license on the class comment to make sure that developers include this notice in their applications. We have not decided to go this route; we are just exploring the options.
LGPL has the problem that it seems to only work for C based system with real "linked" libraries. If you add the code of a an LGPLed smalltalk framework, it could be argued that you are not linking but reusing, thus forcing LGPL on the complete image. (I think in situations like these, people add a preamble to the license to explain what they consider to be ok. I think GNU Smalltalk did that)
For Squeak, I think we decided to use the MIT license for all new stuff, with the goal to eventually have everything with that license.
Marcus
On 10/21/05, Marcus Denker denker@iam.unibe.ch wrote:
it could be argued that you are not linking but reusing, thus forcing LGPL on the complete image. (I think in situations like these, people add a preamble to the license to explain what they consider to be ok. I think GNU Smalltalk did that)
Yup. With RMS's consent. So I don't think it is a very big issue.
For Squeak, I think we decided to use the MIT license for all new stuff, with the goal to eventually have everything with that license.
Well, if we incorporate foreign code there's not much we can do...
Anyway, I think this whole discussion is moot at this moment - James Robertson first should get green light from his superiours, legal department, and whatnot ;)
cryptography@lists.squeakfoundation.org