[Python-Dev] license issues with profiler.py and md5.h/md5c.c

Donovan Baarda abo at minkirri.apana.org.au
Sat Feb 19 06:38:36 CET 2005

From: "Martin v. Löwis" <martin at v.loewis.de>
> Donovan Baarda wrote:
> > This patch keeps the current md5c.c, md5module.c files and adds the
> > following; _hashopenssl.c, hashes.py, md5.py, sha.py.
> [...]
> > If all we wanted to do was fix the md5 module
> If we want to fix the licensing issues with the md5 module, this patch
> does not help at all, as it keeps the current md5 module (along with
> its licensing issues). So any patch to solve the problem will need
> to delete the code with the questionable license.

It maybe half fixes it in that if Python is happy with the RSA one, they can
continue to include it, and if Debian is unhappy with it, they can remove it
and build against openssl.

It doesn't fully fix the license problem. It is still worth considering
because it doesn't make it worse, and it does allow Python to use much
faster implementations and support other digest algorithms when openssl is

> Then, the approach in the patch breaks the promise that the md5 module
> is always there. It would require that OpenSSL is always there - a
> promise that we cannot make (IMO).

It would be better if we found an alternative md5c.c. I found one that was the
libmd implementation that someone mildly tweaked and then slapped an LGPL
on. I have a feeling that would make the lawyers tremble more than the
"public domain" libmd one, unless they are happy that someone else is
prepared to wear the grief for slapping an LGPL onto something public domain.

Probably the best at the moment is the sourceforge one, which is listed as
having a "zlib/libpng licence".

Donovan Baarda                http://minkirri.apana.org.au/~abo/
