All the new PKIX code that was contributed to NSS on the trunk has incorrect copyright boilerplate. The copyright boilerplate in all the new PKIX files needs to be fixed, including the new library code and the new test cmd code. This is a task that could be undertaken by someone who knows c and cvs even if they do not normally develop NSS libraries or test programs. ALL the new PKIX code files were contributed with a license boilerplate text that reads: * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1994-2000 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Sun Microsystems That is incorrect in many ways. 1) This code was NOT part of Netscape's security libraries 2) Netscape Communications Corporation is NOT the Initial developer 3) This code did not exist in 1994. 4) This code has been changed since year 2000. This should have been corrected before the code was merged to the trunk. It MUST be corrected before NSS 3.12 RTM. We should come up with the correct name for the PKIX code. The Initial Developer of the Original Code is Sun Microsystems, Inc. The copyright date range must start with the year in which this C code was first written by the Sun team that started on it, and should end with the year 2007, since we are working on it this year.
What is the list of directories or files that is impacted ?
The copyright text should be: " /* * ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is the [PKIX_LIBRARY_NAME]. * * The Initial Developer of the Original Code is * Sun Microsystems, Inc. * Portions created by the Initial Developer are Copyright (C) [START_DATE]-2007 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Sun Microsystems, Inc. * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ " Who has the missing information for: - [START_DATE]: date when Sun started the work on libpkix - [PKIX_LIBRARY_NAME]: Nelson seems to suggest that "the PKIX library" is not good enough. Any other suggestion ?
I found some of the missing information in Bug 358785: - list of new files in the following directories and sub-directories: mozilla/security/nss/cmd/libpkix mozilla/security/nss/lib/libpkix mozilla/security/nss/tests/libpkix - START_DATE: 2004 Still missing: proper name for [PKIX_LIBRARY_NAME]
It would be useful to go find the open source of the Java lib PKIX and find the string with which that code identifies itself. Then we should use a string that is similar, but not identical, to that one. Our string should identify that our library is a C language implementation, not Java.
I found the original license text for libpkix at http://libpkix.sourceforge.net/license.txt. I may need the assistance of a lawyer to sort things out. I also found a name for PKIX from the IETF web site: Public-Key Infrastructure X.509. I suggest that [PKIX_LIBRARY_NAME]="the Public-Key Infrastructure X.509 library". If you don't like it, please raise your hand and make another proposition.
Alternative for [PKIX_LIBRARY_NAME]="the Internet X.509 Public Key Infrastructure library" (from an alternate naming found on the IETF web site).
As the original author of the code, Sun is free to license the code to multiple parties under different license terms. The copyright notices for the different distributions should agree on the date or origin, and the name of the copyright holder. Let's keep the name nice and short. I like "libPKIX-C" or "PKIX-C" or "PKIX-C library".
Created attachment 278852 [details] License block Please review the license block before I modify 488 files (208 in lib/libpkix, 109 in cmd/libpkix and 171 in tests/libpkix).
Comment on attachment 278852 [details] License block Looks good to me. r=nelson
Created attachment 279013 [details] [diff] [review] Changes for lib/libpkix, cmd/libpkix and tests/libpkix Applies the License block from attachment #1 [details] [diff] [review] to all files under lib/libpkix, cmd/libpkix and tests/libpkix.
Comment on attachment 279013 [details] [diff] [review] Changes for lib/libpkix, cmd/libpkix and tests/libpkix r=nelson Thanks, Christophe
Changes committed to HEAD. Nelson asked me not to paste all the revs into the bug.