search

digitalbazaar / forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
https://digitalbazaar.com/
Other
5.03k stars 777 forks source link

lib/pkcs1.js lack original "intact copy of copyright notice" #637

Open jonassmedegaard opened 5 years ago

jonassmedegaard commented 5 years ago

The file <lib/pkcs1.js> states being derived from https://github.com/kjur/jsjws/blob/master/rsa.js. That URL no longer exist, but seems to be referenced at https://github.com/kjur/jsjws/blob/master/ext/THIRDPARTY_LICENSE.jsonsans.txt which includes the following:

 * In addition, the following condition applies:
 *
 * All redistributions must retain an intact copy of this copyright notice
 * and disclaimer.

That note (and possible other parts, didn't inspect more detailed) seems missing from the derived file included with Forge, and there seem to be no notice of a different license being granted from Tom Wu either.

Problaby easiest solved by including the full original copyright and license text.

davidlehn commented 5 years ago

@dlongley I don't know the history here. Maybe you can provide some insight? Looks like jsjws moved over to jsrsasign. That has a bunch of license text from various projects. Any thoughts on what needs to be done here? https://github.com/kjur/jsjws/ https://github.com/kjur/jsrsasign