Comments (5)
Hello,
first, please don't package versions lower than 1.2 which was created yesterday (there are binary incompatibilities since it was necessary to add some security margin to symmetric ciphers).
On licencing&legal issues:
- To the best of my knowledge, used algorithms are not restricted by any patenting issues except for RC4 that must not be called RC4 but Arcfour. :)
- There may be anti-crypto laws in some countries, but those restrict all cryptography so it's probably not an issue.
- All code except several hash algorithm implementation was done by me and is licenced under LGPLv3
- src/tiger.[ch], src/sha2.[ch], src/ripemd128.[ch] have different licences, but all are free. Source code redistribution is okay, but for binary redistribution you need to add some notice from the BSD licences to the documentation (see top comments in the files).
There are no other bundled libraries than the sources of hash functions. Note that the software requires libgmp.
Now, is there some "recommended&best" method how I could add the binary redistribution notices so that the autotools' install output is readily binary redistributable? (if there is, preferably send me a git patch :) )
-mk
EDIT: after reading the fedora packaging guidelines about bundled libraries a new question surfaced: Is there some standard library (except for openssl) that would provide ripemd128, tiger192, sha256, sha384 and sha512 hashes?
from codecrypt.
Um...I've packaged the 1.2 version.
I'm not sure about the alternatives.
Doing a simple search and found something like:
mhash(dead upstream since 2007)
libgcrypt(http://www.gnu.org/software/libgcrypt/)
beecrypt
from codecrypt.
Okay, from studying the "bundled libraries" docs of fedora packages it's pretty sure this is not the case (the project from where the files were taken are not really actively maintained, nor occur in Fedora as libraries, and now I'm maintaining the source included in codecrypt myself).
The BSD/GPL licenses need to be printed out on the output though, I'm gonna make a patch so that binary distribution complies with licence without any further patching.
from codecrypt.
After finding many files, we've confirmed that this is a bundled library issue.
Please see https://bugzilla.redhat.com/show_bug.cgi?id=966324#c5 for more details.
Thanks.
from codecrypt.
ccr is now using libcrypto++ dependency for all hashing, I guess bundled library issues are all solved.
from codecrypt.
Related Issues (20)
- Mac OSX install instructions HOT 1
- how to import key HOT 1
- Annealmail Thunderbird Add-on HOT 9
- Avoid parameters that allow timing/statistical attacks when used as decryption oracle HOT 16
- error: ambiguous local user specified HOT 9
- [REJECTED] Windows binary HOT 1
- Secret key protection HOT 6
- Entropy ? HOT 3
- A Question regarding HWRNG HOT 3
- AES HOT 2
- Ubuntu Install Problem HOT 2
- Use LGPL v2.1 instead of v3 for better license compatibility HOT 5
- Rewrite in Rust HOT 4
- Compile issue on macOS HOT 6
- How about add seed support for FMTSeq ? HOT 1
- It takes more than 10 minutes to generate keypair... HOT 2
- signed git tags / signed git commits HOT 1
- Does codecrypt also provides security regarding classical computer attacks? HOT 6
- YAY: "Package 'libcrypto++', required by 'virtual:world', not found" HOT 4
- Long List Of Errors When Running `make` HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from codecrypt.