On Fri, Apr 23, 2004 at 01:43:30PM +0300, Stas Pirogov wrote:
> However the license agreement for NetrekXPMod source
> is kinda inherited by the source code writers from COW
> to NetrekXP Mod, so the source code copyright is pretty same for
> all coders that touched it (at least for all that are
> mentioned in copyright.txt in distribution).

Not true.  The original source code license does not require future
contributions to have the same license.  It's a legal mess, but again,
irrelevant from a practical perspective.

> And of course we are talking about distribution of
> code without RSA key, because as far as I know
> nobody will giveup his RSA key.

This is another gray area.  All the source code to generate a binary
distribution is there (you can create your own RSA key), but the true
original source code for a generated binary is not fully available since
the key is not distributed.  This is another reason why Netrek source
code cannot released under a GPL even if we had the authority to.

> Now, could you expand a little bit about permission
> you received from US Bureau of Industry and Security ?
> I'm actually interested in history and I beleive most
> of developers would like to hear about that.

If you search google's archive of rec.games.netrek for RES-RSA posts
made by me and others, some old articles should show up that explains
the situation.  The brief summary is this:

Prior to 2000, the US Bureau of Export Administration (BXA) classified
high grade encryption software as a munition, which meant that such
software basically could not be exported outside of the US under most
circumstances.  Furthermore, RSA Labs owned exclusive patent rights to
the RSA encryption algorithm in the US at that time.  Fortunately, RSA
Labs allowed for royalty-free use of RSA for certain non-commercial use
provided that such permission was requested and granted.  Ray Jones (and
possibly others) originally secured that permission from RSA Labs, and
when I took over RES-RSA I reacquired permission from RSA Labs again
since I substantially rewrote the code.  Because of the BXA regulations,
however, RES-RSA could not be distributed outside of the US.  So there
was a European implementation of RES-RSA that was distributed
exclusively outside of the US, and the code was kept in sync.  I heard  
that the Euro version of RES-RSA was based on an illegal export of an
early version of US RES-RSA, but that may or may not be factual.

In 1/2000, BXA changed the regulations to allow unrestricted exports of
cryptographic software under their "open source" exception clause.  When
this happened, I registered RES-RSA and all netrek software that uses
RES-RSA with BXA to qualify for this exception.  Only software
distributed under netrek.org and sourceforge.net qualify for this
exception; any mirrors or copies hosted at other locations may or may
not qualify (but they should as long as they are exact copies).

Later in 2000, RSA Lab's patent on RSA expired.  This was irrelevant for
Netrek since we had acquired permission to use RSA inside the US and the
patent was not valid outside of the US.

Sometime in the last few years, BXA got renamed to Bureau of Industry
and Security.


vanilla-devel mailing list
vanilla-devel at us.netrek.org