[Python-Dev] license issues with profiler.py and md5.h/md5c.c

Bob Ippolito bob at redivi.com
Fri Feb 11 03:30:59 CET 2005

On Feb 10, 2005, at 9:15 PM, Donovan Baarda wrote:

> On Tue, 2005-02-08 at 11:52 -0800, Gregory P. Smith wrote:
>>> The md5.h/md5c.c files allow "copy and use", but no modification of
>>> the files. There are some alternative implementations, i.e. in glibc,
>>> openssl, so a replacement should be sage. Any other requirements when
>>> considering a replacement?
> One thing to consider is "degree of difficulty" :-)
>>> 	Matthias
>> I believe the "plan" for md5 and sha1 and such is to use the much
>> faster openssl versions "in the future" (based on a long thread
>> debating future interfaces to such things on python-dev last summer).
>> That'll sidestep any tedious license issue and give a better
>> implementation at the same time.  i don't believe anyone has taken the
>> time to make such a patch yet.
> I wasn't around for that discussion. There are two viable replacements
> for the RSA implementation currently used;
> libmd <http://www.penguin.cz/~mhi/libmd/>
> openssl <http://www.openssl.org/>.
> In the Linux world, openssl is starting to become ubiquitous, so not
> including it and statically or even dynamically linking against it is
> feasible. However, using Python in other lands will probably require
> something to be included.
> Long term, I think openssl is the way to go. Short term, libmd is a
> painless replacement that gets around the licencing issues.

OpenSSL is also ubiquitous on Mac OS X (as a shared lib):

Mac OS X 10.2.8 has OpenSSL 0.9.6i Feb 19 2003
Mac OS X 10.3.8 has OpenSSL 0.9.7b 10 Apr 2003

One possible alternative would be to bring in something like PyOpenSSL 
<http://pyopenssl.sourceforge.net/> and just rewrite the md5 (and sha?) 
extensions as Python modules that use that API.


More information about the Python-Dev mailing list