LGPL vs. OCB license

Jan Kiszka jan.kiszka at siemens.com
Fri Dec 15 18:09:23 CET 2017

On 2017-12-15 17:32, Werner Koch wrote:
> On Fri, 15 Dec 2017 15:03, jan.kiszka at siemens.com said:
>> My concern is now that this restriction excludes runtime linking as the
>> LGPL would otherwise allow. And because cipher-ocb.c is an unconditional
>> part of libgcrypt (unless you do local package surgery...), I would
>> interpret this as the library becoming effectively GPL this way. Am I wrong?
> The mentioned patent license granted by Rogaway and the software license
> are two very different things and can't be compared.  Thus your
> assumptions that you have effectively the GPL is not correct.

Good point. But while the code will not become GPL, the combination of
the OCB implementation and the usage of libgcrypt in scopes where the
patent applies should make the usage conditions similar to GPL.

> I am not allowed to give any legal advise but I would suggest that you
> check out the other license options provided by Rogaway.  For example
> license 2 which can be used for almost all kind of usages in software.

This one excludes non-commercial use, hmm... too bad (with corporate hat

> In any case, if you use a certain software you better check all other
> conditions on whether you are able to use and distribute the software -
> regardless of the software license.  This may include patent research,
> trademark issues, or whether you are eligible to execute the rights
> granted by the license (for example permanent termination of the license
> due to prior violation of it).  I am pretty sure your legal department
> knows about all of this.

Legal departments are quick with "simple" obligations like "remove that
file", and then you do the aforementioned package surgery which is what
I want to reduce to zero for various good reasons, in standard distros
packages or ideally already in upstream.

I'm not deep into the crypto design at all, but is there a way to
exclude to usage of this implementation during runtime?

libgcrypt will surely pop up in many license analysis tools as distros
move to a version that now contains the OCB implementation with that
patent reference. Having good technical answers how to deal with them is
what I searching for. The legal assessment will remain to the experts,
but they need input from the engineering side as well.


Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux

More information about the Gcrypt-devel mailing list