Question about using PKI.js
Categories
(mozilla.org :: Licensing, task)
Tracking
(Not tracked)
People
(Reporter: carolina.jimenez.g, Assigned: mhoye)
Details
Hello, I was reading the Mozilla License Policy and it says we should consult the licensing team before importing Third Party Code, we would like to use PKI.js in our project (Implement a new certificate viewer for Firefox), is it possible to do so?
Thank you.
|
Reporter | |
Updated•6 years ago
|
|
Assignee | |
Comment 1•6 years ago
|
||
The license involved in that project - https://github.com/PeculiarVentures/PKI.js/blob/master/LICENSE - is standard 3-clause BSD, and code under that license can be integrated with MPL-licensed codebases and used in Mozilla products.
Having said that, we also have an institutional interest in understanding (and limiting) the number of cryptographic stacks we rely on, so if you're importing cryptographic libraries into any Mozilla product you need a green light from a crypto domain expert regardless of the licensing situation.
Mr. Jones, could I trouble you to weigh in here?
|
||
Comment 2•6 years ago
|
||
This is a good move overall, but I feel like we should do an audit of the PKI.js code before this gets released. Relying on it for test code or extensions code is a lower-risk profile than using it in the product.
I'll leave my ni? here as a reminder, while I ask how to move this forward. In the meantime, I think you should proceed with using PKI.js, as I think it's unlikely we find any showstoppers with it -- but we might end up wanting to submit fixes upstream (maybe).
|
|
||
Comment 3•6 years ago
|
||
CryptoEng is good here. We're going to work with getting a security review done via the secreview process, but I think for the sake of this bug we're resolved. Thanks for the ping, Mike!
|
||
Updated•2 years ago
|
Description
•