[jitsi-dev] licenses


#1

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will be used commercial and we don't want to publish it.
For the proxy i would like to use a zrtp-library. I see you use the zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian


#2

Hey Bastian,

ZRTP4J also uses the classpath exception so you should be ok.

Werner, please correct me if I am wrong.

Emil

···

On 20.03.12 21:32, Bastian Baist wrote:

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will
be used commercial and we don't want to publish it.
For the proxy i would like to use a zrtp-library. I see you use the
zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still
GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian


#3

Hey Bastian,

ZRTP4J also uses the classpath exception so you should be ok.

Werner, please correct me if I am wrong.

Correct Emil.

Emil

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will
be used commercial and we don't want to publish it.

Hmmm - what type of "ZRTP" proxy do you have in mind? Similar to a trusted
PBX as shown in RFC 6189, chapter 7.3ff. While this functions was implemented
in ZRTP4J it was never really tested and is also somewhat tricky to use :slight_smile: .

Regards,
Werner

···

Am 20.03.2012 22:13, schrieb Emil Ivov:

On 20.03.12 21:32, Bastian Baist wrote:

For the proxy i would like to use a zrtp-library. I see you use the
zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still
GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian


#4

Thanks for the quick response.

I see i didn't correctly write. The thing is, we have to have the option to use it commercial, because of possible new buisness partner. Currently it is a research project from University of Applied Science Darmstadt (www.h-da.de) (U-CAN - Universal Call Authentication, https://www.fbi.h-da.de/organisation/personen/plies-andreas/universal-call-authentication.html - i hope google translate is enough for the none german speaker). It is not exactly mathing the standard. For that reason i have to develop an own version.

Regards,
Bastian

···

Am 21.03.2012 16:44, schrieb Werner Dittmann:

Am 20.03.2012 22:13, schrieb Emil Ivov:

Hey Bastian,

ZRTP4J also uses the classpath exception so you should be ok.

Werner, please correct me if I am wrong.

Correct Emil.

Emil

On 20.03.12 21:32, Bastian Baist wrote:

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will
be used commercial and we don't want to publish it.

Hmmm - what type of "ZRTP" proxy do you have in mind? Similar to a trusted
PBX as shown in RFC 6189, chapter 7.3ff. While this functions was implemented
in ZRTP4J it was never really tested and is also somewhat tricky to use :slight_smile: .

Regards,
Werner

For the proxy i would like to use a zrtp-library. I see you use the
zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still
GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian


#5

Hey Bastian

If I understand your project correctly, you want to use the ePerso signature
to authenticate your peer. But why do you want to take ZRTP for this?
We (the University of Applied Sciences Northwestern Switzerland) developed a
system based on Jitsi and MIKEY that uses the SuisseID, an X.509 certificate
stick [1]. The MIKEY stuff is not (yet?) in the official Jitsi repository,
but I can give you the patches. They are under LGPL as well.

The thing about the licenses is as follows (Emil, please correct me if I'm
wrong): You can use the stuff in a commercial project. You can use the
LGPL-libraries in a closed-source project, but any modifications to the
library itself must be made open-source again.

Regards,
Ingo

[1]
http://www.fhnw.ch/technik/imvs/forschung/projekte/secure_voice_over_public_
internet

···

-----Original Message-----
From: Bastian Baist [mailto:baist.bastian@gmx.de]
Sent: Freitag, 23. März 2012 14:57
To: dev@jitsi.java.net
Subject: [jitsi-dev] Re: licenses
Thanks for the quick response.

I see i didn't correctly write. The thing is, we have to have the option
to use it commercial, because of possible new buisness partner.
Currently it is a research project from University of Applied Science
Darmstadt (www.h-da.de) (U-CAN - Universal Call Authentication,
https://www.fbi.h-da.de/organisation/personen/plies-andreas/universal-cal
l- authentication.html - i hope google translate is enough for the none
german speaker). It is not exactly mathing the standard. For that reason
i have to develop an own version.

Regards,
Bastian

Am 21.03.2012 16:44, schrieb Werner Dittmann:

Am 20.03.2012 22:13, schrieb Emil Ivov:

Hey Bastian,

ZRTP4J also uses the classpath exception so you should be ok.

Werner, please correct me if I am wrong.

Correct Emil.

Emil

On 20.03.12 21:32, Bastian Baist wrote:

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will
be used commercial and we don't want to publish it.

Hmmm - what type of "ZRTP" proxy do you have in mind? Similar to a
trusted PBX as shown in RFC 6189, chapter 7.3ff. While this functions
was implemented in ZRTP4J it was never really tested and is also
somewhat tricky to use :slight_smile: .

Regards,
Werner

For the proxy i would like to use a zrtp-library. I see you use the
zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still
GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian


#6

Hey folks,

Hey Bastian

If I understand your project correctly, you want to use the ePerso signature
to authenticate your peer. But why do you want to take ZRTP for this?
We (the University of Applied Sciences Northwestern Switzerland) developed a
system based on Jitsi and MIKEY that uses the SuisseID, an X.509 certificate
stick [1]. The MIKEY stuff is not (yet?) in the official Jitsi repository,
but I can give you the patches. They are under LGPL as well.

The thing about the licenses is as follows (Emil, please correct me if I'm
wrong): You can use the stuff in a commercial project. You can use the
LGPL-libraries in a closed-source project, but any modifications to the
library itself must be made open-source again.

I am not a lawyer, but that is also my understanding, yes.

It is also my impression that the same is true for GPL libraries with
the classpath exception.

Cheers,
Emil

···

On 23.03.12 15:59, Ingo Bauersachs wrote:

Regards,
Ingo

[1]
http://www.fhnw.ch/technik/imvs/forschung/projekte/secure_voice_over_public_
internet

-----Original Message-----
From: Bastian Baist [mailto:baist.bastian@gmx.de]
Sent: Freitag, 23. März 2012 14:57
To: dev@jitsi.java.net
Subject: [jitsi-dev] Re: licenses
Thanks for the quick response.

I see i didn't correctly write. The thing is, we have to have the option
to use it commercial, because of possible new buisness partner.
Currently it is a research project from University of Applied Science
Darmstadt (www.h-da.de) (U-CAN - Universal Call Authentication,
https://www.fbi.h-da.de/organisation/personen/plies-andreas/universal-cal
l- authentication.html - i hope google translate is enough for the none
german speaker). It is not exactly mathing the standard. For that reason
i have to develop an own version.

Regards,
Bastian

Am 21.03.2012 16:44, schrieb Werner Dittmann:

Am 20.03.2012 22:13, schrieb Emil Ivov:

Hey Bastian,

ZRTP4J also uses the classpath exception so you should be ok.

Werner, please correct me if I am wrong.

Correct Emil.

Emil

On 20.03.12 21:32, Bastian Baist wrote:

Hi,

I found on the project page, the project is under lgpl.

I have to develop an zrtp proxy. And it could be, that this proxy will
be used commercial and we don't want to publish it.

Hmmm - what type of "ZRTP" proxy do you have in mind? Similar to a
trusted PBX as shown in RFC 6189, chapter 7.3ff. While this functions
was implemented in ZRTP4J it was never really tested and is also
somewhat tricky to use :slight_smile: .

Regards,
Werner

For the proxy i would like to use a zrtp-library. I see you use the
zrtp4j-light.
Is this a fork from zrtp4j, with lgpgl license or is the license still
GPLv3?
the srtp lib(sdes4j), uses the lgpl too.

Greetings
Bastian