Commit 51f94caba11df1b592f7477cb62768d7f6e20eda
2018-03-31T10:36:06
Build: Use Colin Plumb's public domain MD5 code ... instead of the RSA code, the license for which contains an advertising clause. It is strongly believed that the RSA advertising clause is innocuous, because: - A clarification from RSA (http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all), published in 2000, stated: "Implementations of these message-digest algorithms, including implementations derived from the reference C code in RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold without license from RSA for any purpose." Referring to the opinion from Fedora's legal team (https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_about_the_RSA_license_on_their_MD5_implementation.3F_Isn.27t_that_GPL-incompatible.3F), this means that md5.c and md5.h, which were derived from the original RFC 1321 reference code (http://www.faqs.org/rfcs/rfc1321.html), can be used without the RSA license. - In the context of libjpeg-turbo, RSA's MD5 code was used only in the build/test system. It was not part of the libjpeg-turbo binary distribution, and thus the only "material mentioning or referencing" the MD5 code was the libjpeg-turbo source code, which-- by virtue of including RSA's original copyright headers-- properly attributed the code as required under the RSA license. However, in light of the open source community's tendency to have knee-jerk reactions to stuff like this, it would've been necessary to include the above explanation in our source tree in order to head off potential FUD, and a simple fix is always better than a complex explanation. This commit also assigns the 3-clause BSD license to my modifications of the MD5 code. This license is the same one used by md5cmp and other parts of the build system.