Re: IDEA-free CIPE|
Olaf Titz <olaf,AT,bigred,DOT,inka,DOT,de>|
Sun, 10 Dec 2000 21:58:48 +0100|
[CCd to CIPE mailing list; if people there have objections please
> I am the Debian maintainer for CIPE, and I was reported a bug against
> my package because the source included patent-encumbered IDEA code.
> I know software patents have barely any legal grounds in Europe, but
> something has to be done anyway. There are several solutions to this
> problem :
> 1) I put CIPE in the non-free section of Debian -- I don't want this
> very much because non-free isn't really part of Debian.
> 2) I butcher your tarballs and remove all IDEA code from them, and
> distribute these new tarballs within Debian as if they were the
> original source.
> 3) You provide some IDEA-free tarballs.
> The cleanest solution would be 3), but I suppose it would be an
> undesirable additional work for you. So I don't mind doing 2), but I
> wanted to know if you were OK with it. What do you think ?
I think I'm going in the (3) direction, as mostly everyone uses
Blowfish anyway and the IDEA code isn't really supported any more.
(I barely check if it compiles, sometimes.)
Ultimately there should be a way to use the crypto API from the
international kernel patch. This should be no problem for Debian
because the actual implementations of ciphers are then taken from
elsewhere. It will still work with an official kernel though, probably
For the CIPE 1.4 time, you should do (2): provide a version which
simply has the IDEA source files removed and the option to use them
disabled (removing three lines from configure.in should be all it
takes, I think the definitions in crypto.h can remain?). I'm not doing
any feature work on 1.4, the problem will be resolved with CIPE 1.5.