Reg: GMP LGPL3 License

Vincent Diepeveen diep at xs4all.nl
Fri May 19 08:56:28 UTC 2017


hi Cade,

Nice link about Mikey Sakke:

https://www.benthamsgaze.org/2016/01/19/insecure-by-design-protocols-for-encrypted-phone-calls/

Especially the line:

'The aim of GCHQ’s development of MIKEY-SAKKE – to 
weaken security of in order to facilitate surveillance – is made clear 
through their activity on the 3GPP standardisation committee responsible 
for “Lawful Interception (LI)”: ensuring that law enforcement and 
intelligence agencies are able to eavesdrop on 4G cellphone calls. The 
National Technical Assistance Centre (NTAC), the part of GCHQ responsible 
for assisting law enforcement and intelligence agencies with decryption 
and data analysis, sits on this committee (known as the “3GPP SA3 LI”) and 
their representative served as secretary.'

Nice to know that GMP fulfills GCHQ requirements :)

On Wed, 17 May 2017, Cade Brown wrote:

> I'm resending this, because gmp-discuss got removed from `To:`
>
> The legality of linking and including LGPL code is much more 'lawyer
> oriented' for version 3, so I understand your confusion.
>
> Using https://www.gnu.org/licenses/lgpl-3.0.en.html and
> https://www.gnu.org/licenses/gpl-3.0.en.html , I can see that you only need
> to include `Installation Information` if the GPL section 6 requires you to.
> Here are the relevant portions from GPL3, section 6:
> https://pastebin.com/hvX02ZbY
>
> As we can see from that, `Installation Information` is "any methods,
> procedures, authorization keys, or other information required to install
> and execute modified versions of a covered work in that User Product from a
> modified version of its Corresponding Source". So essentially, any barriers
> keeping users from installing a source or object version of a project.
>
> A few interesting clauses that may be relevant:
>
>  * If neither you nor any other 3rd party have the right to install
> software on the `User Product`, you may not have to relinquish Installation
> Information (for example, if you wrote a ROM-space program, or perhaps a
> kernel).
>  * You must publish Installation Information publicly, and it must not
> require any passwords/keys/etc to read.
>  * As with most GPL software, there is no guarantee of merchantability,
> warranty, etc.
>  * It *sounds* (not concretely) like installation instructions do not have
> to support all platforms. For example, GMP is known to be extremely hard to
> compile on Windows (you have to use MINGW/CYGWIN, or use something like
> MPIR), and so installation instructions for Windows may be missing or
> incomplete.
>
> If you make GMP optional (even though it is slow without it) or detected, I
> am confident that not including installation instructions for your
> program/library would be fine.
>
> Although, I do ask, do you not want to share installation instructions? If
> you are fine with sharing them, I think doing that would be easiest.
>
> If you still don't want to share, I'll need a bit more details about your
> project.
>
> What is your project: is it a library, or an application/program (which is
> an executable)?
>
>
> Thanks,
>
> ~
> Cade Brown
> Lead Programmer For L&N STEMpunks FRC#3966
> chemicaldevelopment.us
>
>> On Wed, May 17, 2017 at 3:05 PM, Karthik Narayanan <karthikn82 at gmail.com>
>> wrote:
>>
>>> Hi Cade,
>>>
>>> We are using https://bitbucket.org/a30151 (an implementation of Mikey
>>> Sakke), which is an LGPL2.1.
>>> But this in turn uses GMP. We currently have GMP as a dynamically linked
>>> object. I have tried the option of removing GMP, but obviously that's
>>> making the decryption pretty slow.
>>> I know LGPL2.1 can be used. But LGPL3.1 seems to be a bit different as
>>> they say we need to provide the "Installation information". Hence I am
>>> trying to understand what this means, and if it's possible to get GMP
>>> commercial license in the worst case.
>>>
>>> Regards,
>>> Karthik
>>>
>>>
>>> On Thu, May 18, 2017 at 12:18 AM, Cade Brown <brown.cade at gmail.com>
>>> wrote:
>>>
>>>> Karthik,
>>>>
>>>> How does the company use GMP? Please give details, such as does their
>>>> code link against GMP libraries, is GMP support optional, etc
>>>>
>>>>
>>>> Thanks,
>>>> ~
>>>> Cade Brown
>>>> Lead Programmer For L&N STEMpunks FRC#3966
>>>> chemicaldevelopment.us
>>>>
>>>> On Wed, May 17, 2017 at 1:12 PM, Karthik Narayanan <karthikn82 at gmail.com> wrote:
>>>>
>>>>> Hi All,
>>>>> Hope this is the right forum to ask about LGPL3 license of GMP.
>>>>> Just wanted to know if any company uses GMP, is it mandatory that they
>>>>> have to provide the Installation information?
>>>>> The way I understand Installation information here would be the signing
>>>>> key of an app (if the app uses GMP).
>>>>>
>>>>> In case I messaged a wrong forum, would really appreciate if you could
>>>>> point to the right GMP group.
>>>>>
>>>>> Regards,
>>>>> Karthik
>>>>> _______________________________________________
>>>>> gmp-discuss mailing list
>>>>> gmp-discuss at gmplib.org
>>>>> https://gmplib.org/mailman/listinfo/gmp-discuss