From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id AA8C2158012 for ; Wed, 22 Sep 2021 12:54:48 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A32B0E0870; Wed, 22 Sep 2021 12:54:44 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 42B28E0866 for ; Wed, 22 Sep 2021 12:54:44 +0000 (UTC) Subject: Re: [gentoo-dev] Guidance on distributed patented software To: gentoo-dev@lists.gentoo.org Cc: licenses@gentoo.org References: From: Joshua Kinard Openpgp: preference=signencrypt Message-ID: Date: Wed, 22 Sep 2021 08:54:40 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Archives-Salt: b4ac92ba-0810-466a-99de-42318f91bbdb X-Archives-Hash: a6a161d2ca7cabbc2162b57a39cc903a On 9/20/2021 14:15, Robin H. Johnson wrote: > On Mon, Sep 20, 2021 at 01:27:37PM -0400, Rich Freeman wrote: >> On Mon, Sep 20, 2021 at 12:46 PM Alec Warner wrote: >>> >>> Could we add some text to the license concepts covering patents? It >>> seems to have been omitted? >>> Is my understanding of how we manage patented software correct? >> >> I think you have the gist of it. Is there actually anything in the >> repo these days which is patent-encumbered? I realize this is a >> little tangential, but I think this is probably why we don't have a >> well-thought policy: it just doesn't come up much. > Elliptic Curve cryptography is the most topical & impactful thing I'm > aware of. > > RedHat have for many years stripped parts of it out of their OpenSSL & > libgcrypt packages, and continue to do it with OpenSSL-3 [1] (I note > that somebody has dropped these patches from Gentoo's openssl as of v3 > and I intend to restore them). > > RedHat's legal team clearly know something there that they aren't > disclosing the details of publicly, because the patches said the patents > expire in 2020, but when I asked off-list if EC could be re-enabled > based on the expiry dates in the files, they claimed that patent issues > were still present, without giving any detail. > > Somebody else ALSO asked about the Brainpool EC curves specifically and > similarly got nowhere [2]. > > [1] https://src.fedoraproject.org/rpms/openssl/c/347681c6b246d9b6a08c73bb40e5eefaf8596d71?branch=rawhide > [2] https://www.spinics.net/linux/fedora/fedora-legal/msg03673.html > [snip] Is there any advice on how this impacts net-misc/dropbear? That has ECC (both ECDSA and Ed25519) support, and I use it for SGI/MIPS netboot images. The build doesn't have any bindist uses in it, and ECC support is a localoptions.h compile-time option (enabled by default). ECC is much faster on old SGI hardware and generating the hostkeys at bootup takes just a second or two, whereas RSA can take up to 10-15 seconds. So I'd like to be able to use ECC on these platforms and distribute netboot images using them. -- Joshua Kinard Gentoo/MIPS kumba@gentoo.org rsa6144/5C63F4E3F5C6C943 2015-04-27 177C 1972 1FB8 F254 BAD0 3E72 5C63 F4E3 F5C6 C943 "The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between." --Emperor Turhan, Centauri Republic