Message ID | 20180922193631.14369-1-asafka7@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/4] python-pycryptodomex: new package | expand |
Hello, On Sat, 22 Sep 2018 22:36:28 +0300, Asaf Kahlon wrote: > Cryptographic library for Python > > Signed-off-by: Asaf Kahlon <asafka7@gmail.com> Let's add some license experts in the loop. > +PYTHON_PYCRYPTODOMEX_LICENSE = Apache-2.0 I am not sure this is an accurate description of the license terms. Reading https://pycryptodome.readthedocs.io/en/latest/src/license.html (which is the same as the LICENSE.rst you use as a license file), it says: """ The source code in PyCryptodome is partially in the public domain and partially released under the BSD 2-Clause license. """ There is also the text of the Apache 2.0 license, but it doesn't say to which part of the code it applies. And there is a special constraint for the OCB cipher, that it cannot be used for military purposes. I am not sure how Debian accepts that, but they do accept it: https://metadata.ftp-master.debian.org/changelogs/main/p/pycryptodome/pycryptodome_3.6.1-2_copyright. Yann, Arnout, I'm interested by your opinion on this package. Best regards, Thomas
Thomas, Asaf, All, On 2018-10-09 15:56 +0200, Thomas Petazzoni spake thusly: > On Sat, 22 Sep 2018 22:36:28 +0300, Asaf Kahlon wrote: > > Cryptographic library for Python > > +PYTHON_PYCRYPTODOMEX_LICENSE = Apache-2.0 > > I am not sure this is an accurate description of the license terms. > Reading https://pycryptodome.readthedocs.io/en/latest/src/license.html > (which is the same as the LICENSE.rst you use as a license file), it > says: > > """ > The source code in PyCryptodome is partially in the public domain and > partially released under the BSD 2-Clause license. > """ > > There is also the text of the Apache 2.0 license, but it doesn't say to > which part of the code it applies. It states: Apache 2.0 license (Wycheproof) And by grepping the source tree, it seems that 'Wycheproof' is the slef-test test harness, as we can only find it in lib/Crypto/SelfTest/ and in setup.py, supposedly to ignore warnign from said test harness, and to list it as the data to package. So, I think we can ignore the Apache-2.0 license, as it does not cover stuff that goes on the target. > And there is a special constraint for the OCB cipher, that it cannot be > used for military purposes. I am not sure how Debian accepts that, but > they do accept it: > https://metadata.ftp-master.debian.org/changelogs/main/p/pycryptodome/pycryptodome_3.6.1-2_copyright. In fact, there are 3 licenses under which OCB is made available; http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm * License 1 — License for Open-Source Software Implementations of OCB (Jan 9, 2013) * License 2 — General License for Non-Military Software Implementations OCB (Jan 10, 2013). * License 3 — Patent License for OpenSSL (Nov 13, 2013). As far as I understand the licensing terms, OCB is available udner any license to the choosing of the user of OCB. The pycryptodome developpers have not choosen a license, and instead decided to propagate that choice down to the user of pycryptodome. > Yann, Arnout, I'm interested by your opinion on this package. So, I would state something like: PYTHON_PYCRYPTODOMEX_LICENSE = \ BSD-2c, \ Public Domain (pycrypto original code), \ OCB license (OCB cypher) Regards, Yann E. MORIN.
Hello, On Sat, 22 Sep 2018 22:36:28 +0300, Asaf Kahlon wrote: > Cryptographic library for Python > > Signed-off-by: Asaf Kahlon <asafka7@gmail.com> > --- > DEVELOPERS | 1 + > package/Config.in | 1 + > package/python-pycryptodomex/Config.in | 6 ++++++ > .../python-pycryptodomex/python-pycryptodomex.hash | 5 +++++ > .../python-pycryptodomex/python-pycryptodomex.mk | 14 ++++++++++++++ > 5 files changed, 27 insertions(+) > create mode 100644 package/python-pycryptodomex/Config.in > create mode 100644 package/python-pycryptodomex/python-pycryptodomex.hash > create mode 100644 package/python-pycryptodomex/python-pycryptodomex.mk Applied to master with the license information fixed, as per the discussion with Yann. Thomas
On 9/10/18 22:19, Yann E. MORIN wrote: > Thomas, Asaf, All, > > On 2018-10-09 15:56 +0200, Thomas Petazzoni spake thusly: >> On Sat, 22 Sep 2018 22:36:28 +0300, Asaf Kahlon wrote: >>> Cryptographic library for Python >>> +PYTHON_PYCRYPTODOMEX_LICENSE = Apache-2.0 >> >> I am not sure this is an accurate description of the license terms. >> Reading https://pycryptodome.readthedocs.io/en/latest/src/license.html >> (which is the same as the LICENSE.rst you use as a license file), it >> says: >> >> """ >> The source code in PyCryptodome is partially in the public domain and >> partially released under the BSD 2-Clause license. >> """ >> >> There is also the text of the Apache 2.0 license, but it doesn't say to >> which part of the code it applies. > > It states: Apache 2.0 license (Wycheproof) > And by grepping the source tree, it seems that 'Wycheproof' is the > slef-test test harness, as we can only find it in lib/Crypto/SelfTest/ > and in setup.py, supposedly to ignore warnign from said test harness, and > to list it as the data to package. > > So, I think we can ignore the Apache-2.0 license, as it does not cover > stuff that goes on the target. Ack that. Si Apache-2.0 is definitely wrong. >> And there is a special constraint for the OCB cipher, that it cannot be >> used for military purposes. I am not sure how Debian accepts that, but >> they do accept it: >> https://metadata.ftp-master.debian.org/changelogs/main/p/pycryptodome/pycryptodome_3.6.1-2_copyright. > > In fact, there are 3 licenses under which OCB is made available; > http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm > > * License 1 — License for Open-Source Software Implementations of OCB > (Jan 9, 2013) > > * License 2 — General License for Non-Military Software Implementations > OCB (Jan 10, 2013). > > * License 3 — Patent License for OpenSSL (Nov 13, 2013). Note that all three of them are *patent* licenses. That's why Debian doesn't make a problem of it. Debian only uses license 1. The OCB *code* is all under BSD-2-Clause, as far as I can see. There are actually 2 implementations: one in python that does not come from pycrypto AFAICS, and one from libtom. > > As far as I understand the licensing terms, OCB is available udner any > license to the choosing of the user of OCB. The pycryptodome developpers > have not choosen a license, and instead decided to propagate that choice > down to the user of pycryptodome. Ack. > >> Yann, Arnout, I'm interested by your opinion on this package. > > So, I would state something like: > > PYTHON_PYCRYPTODOMEX_LICENSE = \ > BSD-2c, \ BSD-2-Clause > Public Domain (pycrypto original code), \ > OCB license (OCB cypher) I would clarify this as "OCB patent license". The (OCB cypher) is not really useful IMO. Anyway OCB is not a cipher, it's a mode. In terms of license files, in addition to LICENSE.rst, I think we also need Doc/LEGAL/COPYRIGHT.pycrypto Regards, Arnout > > Regards, > Yann E. MORIN. >
Hello, On Wed, 10 Oct 2018 23:13:40 +0200, Arnout Vandecappelle wrote: > >> Yann, Arnout, I'm interested by your opinion on this package. > > > > So, I would state something like: > > > > PYTHON_PYCRYPTODOMEX_LICENSE = \ > > BSD-2c, \ > > BSD-2-Clause I fixed that when applying. > > Public Domain (pycrypto original code), \ > > OCB license (OCB cypher) > > I would clarify this as "OCB patent license". The (OCB cypher) is not really > useful IMO. Anyway OCB is not a cipher, it's a mode. > > In terms of license files, in addition to LICENSE.rst, I think we also need > Doc/LEGAL/COPYRIGHT.pycrypto Asaf, could you send a follow-up patch fixing this, according to Arnout comments ? Thanks! Thomas
diff --git a/DEVELOPERS b/DEVELOPERS index 84129553c5..4c49cc3908 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -205,6 +205,7 @@ F: package/python-fire/ F: package/python-jsonmodels/ F: package/python-paramiko/ F: package/python-pyasn1/ +F: package/python-pycryptodomex/ F: package/python-pyroute2/ F: package/python-pytz/ F: package/python-reentry/ diff --git a/package/Config.in b/package/Config.in index c04645a30b..826182cdb3 100644 --- a/package/Config.in +++ b/package/Config.in @@ -922,6 +922,7 @@ menu "External python modules" source "package/python-pycli/Config.in" source "package/python-pycparser/Config.in" source "package/python-pycrypto/Config.in" + source "package/python-pycryptodomex/Config.in" source "package/python-pydal/Config.in" source "package/python-pyelftools/Config.in" source "package/python-pyftpdlib/Config.in" diff --git a/package/python-pycryptodomex/Config.in b/package/python-pycryptodomex/Config.in new file mode 100644 index 0000000000..c7127fee59 --- /dev/null +++ b/package/python-pycryptodomex/Config.in @@ -0,0 +1,6 @@ +config BR2_PACKAGE_PYTHON_PYCRYPTODOMEX + bool "python-pycryptodomex" + help + Cryptographic library for Python. + + http://www.pycryptodome.org diff --git a/package/python-pycryptodomex/python-pycryptodomex.hash b/package/python-pycryptodomex/python-pycryptodomex.hash new file mode 100644 index 0000000000..3dec1a1442 --- /dev/null +++ b/package/python-pycryptodomex/python-pycryptodomex.hash @@ -0,0 +1,5 @@ +# md5, sha256 from https://pypi.org/pypi/pycryptodomex/json +md5 7e1884f55077ed2e48d36565525b1657 pycryptodomex-3.6.6.tar.gz +sha256 d0d448484e161786922b41e112b5d7cf76ef5f0c725ea5107ef866bb14a38b12 pycryptodomex-3.6.6.tar.gz +# Locally computed sha256 checksums +sha256 fc884f6492490d0f227613ee900ff2a27e6879b79ee637c53a4697238bf12970 LICENSE.rst diff --git a/package/python-pycryptodomex/python-pycryptodomex.mk b/package/python-pycryptodomex/python-pycryptodomex.mk new file mode 100644 index 0000000000..aa1293df6b --- /dev/null +++ b/package/python-pycryptodomex/python-pycryptodomex.mk @@ -0,0 +1,14 @@ +################################################################################ +# +# python-pycryptodomex +# +################################################################################ + +PYTHON_PYCRYPTODOMEX_VERSION = 3.6.6 +PYTHON_PYCRYPTODOMEX_SOURCE = pycryptodomex-$(PYTHON_PYCRYPTODOMEX_VERSION).tar.gz +PYTHON_PYCRYPTODOMEX_SITE = https://files.pythonhosted.org/packages/95/10/f3bd758050da1c08ea30c8b4daf9ff895f306b780f07430fcc9b38722e1b +PYTHON_PYCRYPTODOMEX_SETUP_TYPE = setuptools +PYTHON_PYCRYPTODOMEX_LICENSE = Apache-2.0 +PYTHON_PYCRYPTODOMEX_LICENSE_FILES = LICENSE.rst + +$(eval $(python-package))
Cryptographic library for Python Signed-off-by: Asaf Kahlon <asafka7@gmail.com> --- DEVELOPERS | 1 + package/Config.in | 1 + package/python-pycryptodomex/Config.in | 6 ++++++ .../python-pycryptodomex/python-pycryptodomex.hash | 5 +++++ .../python-pycryptodomex/python-pycryptodomex.mk | 14 ++++++++++++++ 5 files changed, 27 insertions(+) create mode 100644 package/python-pycryptodomex/Config.in create mode 100644 package/python-pycryptodomex/python-pycryptodomex.hash create mode 100644 package/python-pycryptodomex/python-pycryptodomex.mk