Packaging help. about codecrypt HOT 5 CLOSED

Hello,

first, please don't package versions lower than 1.2 which was created yesterday (there are binary incompatibilities since it was necessary to add some security margin to symmetric ciphers).

On licencing&legal issues:

• To the best of my knowledge, used algorithms are not restricted by any patenting issues except for RC4 that must not be called RC4 but Arcfour. :)
• There may be anti-crypto laws in some countries, but those restrict all cryptography so it's probably not an issue.
• All code except several hash algorithm implementation was done by me and is licenced under LGPLv3
• src/tiger.[ch], src/sha2.[ch], src/ripemd128.[ch] have different licences, but all are free. Source code redistribution is okay, but for binary redistribution you need to add some notice from the BSD licences to the documentation (see top comments in the files).

There are no other bundled libraries than the sources of hash functions. Note that the software requires libgmp.

Now, is there some "recommended&best" method how I could add the binary redistribution notices so that the autotools' install output is readily binary redistributable? (if there is, preferably send me a git patch :) )

-mk

EDIT: after reading the fedora packaging guidelines about bundled libraries a new question surfaced: Is there some standard library (except for openssl) that would provide ripemd128, tiger192, sha256, sha384 and sha512 hashes?

from codecrypt.

Um...I've packaged the 1.2 version.

I'm not sure about the alternatives.

Doing a simple search and found something like:

mhash(dead upstream since 2007)
libgcrypt(http://www.gnu.org/software/libgcrypt/)
beecrypt

from codecrypt.

Okay, from studying the "bundled libraries" docs of fedora packages it's pretty sure this is not the case (the project from where the files were taken are not really actively maintained, nor occur in Fedora as libraries, and now I'm maintaining the source included in codecrypt myself).

The BSD/GPL licenses need to be printed out on the output though, I'm gonna make a patch so that binary distribution complies with licence without any further patching.

from codecrypt.

After finding many files, we've confirmed that this is a bundled library issue.

Please see https://bugzilla.redhat.com/show_bug.cgi?id=966324#c5 for more details.

Thanks.

from codecrypt.

ccr is now using libcrypto++ dependency for all hashing, I guess bundled library issues are all solved.

from codecrypt.