str4d / ed25519-java

Pure Java implementation of EdDSA
Creative Commons Zero v1.0 Universal
220 stars 74 forks source link

Change license from CC0 to some OSI license #76

Open cfranzen opened 5 years ago

cfranzen commented 5 years ago

Currently CC0 license is not approved from the Open Source Initiative (OSI) and although CC0 is not a "strange" license at all it has some problems in certain jurisdictions especial in europe (e.g. Germany). My company (residing in Germany) want's to use that greate library but our legal department raised the concern that this is not possible in Germany without risk. So I am wondering if it would be possible to change the license of this library or do some double licensing with any of the widespread OSI licensed (Apache, BSD, MIT, ...).

str4d commented 5 years ago

Prior to being CC0-licensed in 2015, the code was marked as public domain. I received explicit consent to license as CC0 from all contributors (in #11). So at all times contributors have considered their contributions to be "public domain", and usable for any purpose without any copyright restrictions.

In theory this means that I could probably double-license this library without consultation. And I'd personally be fine with adding MIT as an option. But I'd prefer to re-obtain consent from the various contributors, which could take some time.

Alternatively, I have been working on a new non-JCA Ed25519 library that is MIT-licensed (https://github.com/cryptography-cafe/ed25519-elisabeth), which I will eventually be using inside this library. The underlying curve arithmetic library, also MIT-licensed (https://github.com/cryptography-cafe/curve25519-elisabeth) does use some field arithmetic that I extracted from this library, which I am allowed to do under the terms of the CC0 license (and the code I ported was IIRC almost all code that I originally contributed to this library).

cfranzen commented 5 years ago

Thanks for providing the links to the alternative libraries. Unfortunately, your library is a transitive dependency for us. Actually we want to use the SSHJ library (https://github.com/hierynomus/sshj/) which depends on your library. So switching to another library will involve a code change in SSHJ. Not sure if that is possible. However, I believe having MIT as alternative license would be a benefit in any case. So it would be greate if you can get in contact with the other contributors and ask them if they will support a double license approach. Please let me know if I can be of any help.