Niels Möller nisse at
Tue Dec 10 15:01:17 CET 2013

Nikos Mavrogiannopoulos <nmav at> writes:

>>> Well, I really want to think that it is also about collaboration.

> On Tue, Dec 10, 2013 at 11:15 AM, Werner Koch <wk at> wrote:

>> Right, I thought about the same lines but back then Niels decided to
>> compile his own library without the need to comply to the strict GNU
>> rules.  Thus he was able to use all kind of code while I was not.

I'm sorry you feel like this. There are historic reasons (and the first
release of Nettle happened more than a decade ago). The code started as
the Pike cryptographic toolkit which I and Henrik Grubbström did in 1996
or so, we needed this to implement SSL for the Roxen webserver, which is
written in Pike (Henrik first wrote some glue to use openssl, or
"ssleay" as it was known back in the day, but we then decided to write
our own SSL implementation).

This was GPLd, but neither Pike nor Roxen are GNU projects, copyright
assignments were never considered. A few years later, 1998, I started on
LSH, and reused the low-level C code. Half a year later, LSH was dubbed
a GNU package, with no large changes to the way it was developed. No
copyright assignment policy was imposed at that time (and since I wasn't
the sole author, it wouldn't have been trivial).

Then Nettle was spun off from LSH in 2001. Time went by, and in 2009 it
was dubbed a GNU package on its own, despite concerns about duplication
with libgcrypt. Maybe I could have done some things differently back
then, but I can't feel particularly guilty.

So what about today? Is FSF copyright assignment important to you, and
lack of Nettle CA a main show stopper for using Nettle in any way? I'd
like to know the obstacles, technical or other.

It would be possible, although some amount of boring work, to transfer
most nettle copyrights to the FSF. I think I understand both the
advantages and disadvantages which come with FSF copyright assignment.


Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

More information about the Gcrypt-devel mailing list