Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

license issue related to the OASIS IPR Policy #13906

Closed
Mingli-Yu opened this issue Apr 18, 2022 · 15 comments
Closed

license issue related to the OASIS IPR Policy #13906

Mingli-Yu opened this issue Apr 18, 2022 · 15 comments
Labels
jetsam "...cargo that is cast overboard to lighten the load in time of distress" locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue

Comments

@Mingli-Yu
Copy link

The file
https://github.com/containers/podman/blob/main/vendor/github.com/miekg/pkcs11/pkcs11.h has some line about OASIS IPR Policy [1], is it possible to avoid the license issue?

[1] https://www.oasis-open.org/policies-guidelines/ipr/
@mheon
Copy link
Member

mheon commented Apr 18, 2022

This is an indirect dependency - we don't directly use it, but our libraries do. I think the main consumer is ocicrypt? Will probably need to bring this up with their maintainers and see if there are alternatives.

@Mingli-Yu
Copy link
Author

Thanks @mheon for your follow-up.
miekg/pkcs11#157

@vrothberg
Copy link
Member

Cc @lumjjb

@lumjjb
Copy link

lumjjb commented Apr 23, 2022

@stefanberger

@stefanberger
Copy link

This is an indirect dependency - we don't directly use it, but our libraries do. I think the main consumer is ocicrypt? Will probably need to bring this up with their maintainers and see if there are alternatives.

I don't know of any alternatives. What is the exact issue?

@Mingli-Yu
Copy link
Author

@stefanberger
The file
https://github.com/containers/podman/blob/main/vendor/github.com/miekg/pkcs11/pkcs11.h has some line about OASIS IPR Policy [1] which should be proprietary.
[1] https://www.oasis-open.org/policies-guidelines/ipr/

@stefanberger
Copy link

@Mingli-Yu Sorry, I am not following. What does that mean that "the file has some line about OASIS IPR Policy which should be proprietary"? Does it mean the header file(s) should be non-public? If so, where does it say that?

@stefanberger
Copy link

OASIS publishes header files here: https://github.com/oasis-tcs/pkcs11/tree/master/published/3-00

@Mingli-Yu
Copy link
Author

@stefanberger
1, The file included in podman as https://github.com/containers/podman/blob/main/vendor/github.com/miekg/pkcs11/pkcs11.h should come from https://github.com/miekg/pkcs11 which is different from https://github.com/oasis-tcs/pkcs11 which you mentioned.
2, And what we concern if podman uses https://github.com/miekg/pkcs11 and https://github.com/containers/podman/blob/main/vendor/github.com/miekg/pkcs11/pkcs11.h claims OASIS IPR Policy [1], maybe it affects the podman is open-sources or not?
[1] https://www.oasis-open.org/policies-guidelines/ipr/

@stefanberger
Copy link

@Mingli-Yu The file from https://github.com/miekg/pkcs11 is exactly this one here: https://github.com/oasis-tcs/pkcs11/blob/master/published/2-40-errata-1/pkcs11.h . And the pkcs11f.h files also match.

# sha1sum.exe oasis-pkcs11/published/2-40-errata-1/pkcs11.h miekg-pkcs11/pkcs11.h
1b03c80c5e68f2f82c580843906df41ed5c6886f *oasis-pkcs11/published/2-40-errata-1/pkcs11.h
1b03c80c5e68f2f82c580843906df41ed5c6886f *miekg-pkcs11/pkcs11.h

# sha1sum.exe oasis-pkcs11/published/2-40-errata-1/pkcs11f.h  miekg-pkcs11/pkcs11f.h
e75b76f6c0ee7e686f07525e929b665993fdfff2 *oasis-pkcs11/published/2-40-errata-1/pkcs11f.h
e75b76f6c0ee7e686f07525e929b665993fdfff2 *miekg-pkcs11/pkcs11f.h

There are additions to the pkcs11t.h in miekg's repo:

diff oasis-pkcs11/published/2-40-errata-1/pkcs11t.h miekg-pkcs11/pkcs11t.h
385a386,390
> #define CKK_SHA3_224_HMAC       0x00000033UL
> #define CKK_SHA3_256_HMAC       0x00000034UL
> #define CKK_SHA3_384_HMAC       0x00000035UL
> #define CKK_SHA3_512_HMAC       0x00000036UL
>
612a618,621
> #define CKM_DSA_SHA3_224               0x00000018UL
> #define CKM_DSA_SHA3_256               0x00000019UL
> #define CKM_DSA_SHA3_384               0x0000001AUL
> #define CKM_DSA_SHA3_512               0x0000001BUL
645a655,663

[...] several more

@stefanberger
Copy link

stefanberger commented Apr 25, 2022
edited
Loading

@rjrelyea Are there any known issues with using the OASIS header files in other/golang/... projects?

@rjrelyea
Copy link

rjrelyea commented Apr 25, 2022 via email

@stefanberger
Copy link

I am wondering what the sticky points are in the license? Is it the Copyright Licenses?

@github-actions
Copy link

A friendly reminder that this issue had no activity for 30 days.

@edsantiago edsantiago added the jetsam "...cargo that is cast overboard to lighten the load in time of distress" label Jan 9, 2023
@edsantiago
Copy link
Member

Issue appears abandoned.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 5, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
jetsam "...cargo that is cast overboard to lighten the load in time of distress" locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@edsantiago @stefanberger @lumjjb @mheon @vrothberg @rjrelyea @Mingli-Yu