exaexa / codecrypt

Post-quantum cryptography tool (THIS REPOSITORY IS ONLY A MIRROR OF THE MAIN ONE, PLEASE DO NOT FILE BUGS HERE)
https://gitea.blesmrt.net/exa/codecrypt
GNU Lesser General Public License v3.0
308 stars 40 forks

Use LGPL v2.1 instead of v3 for better license compatibility #27

Closed IBPX closed 6 years ago

IBPX commented 6 years ago

If you want to facilitate inclusion in other software, I think LGPL v2.1 is a much better choice, as LGPL v3 code cannot be included in GPL v2 code (though it can be included in proprietary software), but LGPL v2.1 code can be included in both GPL v2 and v3 code.

See the GNU license compatibility chart.

If you want to switch, three people need to agree to re-licensing their contributions under the LGPL v2.1:

exaexa commented 6 years ago

This is, in fact, a good question. I've chosen LGPL3 so that codecrypt can be loaded as a library and used as such without restriction (I have no problem with that); on the other hand, I have trouble with closed hardware (which GPL3 strictly denies). As I read the compatibility chart, I'm not even sure if codecrypt can link with crypto++ and fftw3 without violating the license. Any suggestions?

Also, I'm not sure if we should relicense given there isn't even a draft of any inclusion. If you know of anything, please share.

infinity0 commented 6 years ago

I don't think I contributed enough to be significant for copyright purposes, but in any case I agree to relicense to whatever everyone else thinks is necessary (as long as it's copyleft).

Personally I recommend sticking with LGPL3 unless there is a specific GPL2-only software that would like to link with codecrypt, where this becomes a concrete and not just hypothetical issue.

IBPX commented 6 years ago

FFTW3 is licensed as GPL v2 or later, so codecrypt including it is okay, but the resulting combination is licensed under the GPL v3 and not the LGPL. The source of codecrypt is still LGPL, so someone could theoretically fork it and remove its dependency on FFTW3, and the resulting product would just be LGPL.

Crypto++ uses the Boost license which is GPL compatible according to the FSF, and from my (non-lawyer) reading of the license itself, seems like it should be LGPL compatible as well (without conveying the resulting combination as GPL), but I'm not sure.

I don't know of any GPL v2-only software that wants to use codecrypt. This is just a hypothetical issue, but I think the more compatibility the better if there are no significant trade-offs that devs here care about. The main trade-off from what I've gathered is between more compatibility (which LGPL v2.1 offers) and disallowing closed hardware (which v3 does).

@infinity0 wrote:

I don't think I contributed enough to be significant for copyright purposes, but in any case I agree to relicense to whatever everyone else thinks is necessary (as long as it's copyleft).

I think the contributions by you and @mapmeld might be insignificant for copyright, but it's good to make sure.

exaexa commented 6 years ago

About fftw3 -- we are linking against it, not including it; I guess that's the same?

exaexa commented 6 years ago

Timed out. Please reopen if you have a working project that will benefit from licence change.