Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Missing LICENSE file for pemutil/ssh.go's "BSD-style license" #632

Open
jas4711 opened this issue Nov 17, 2024 · 3 comments
Open
Assignees
Labels
bug Something isn't working needs triage

Comments

@jas4711
Copy link

jas4711 commented Nov 17, 2024

Steps to Reproduce

Hi. I'm packaging this for Debian, and we are going through license statements. The pemutil/ssh.go file begins with:

// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

But I cannot find this file in this package. Could you add it, or at least qualify which license applies to this work? "BSD-style" is not universially unambigious, and having clear licensing matters to Debian.

Your Environment

Debian

Expected Behavior

Appropriate LICENSE file included

Actual Behavior

Appropriate LICENSE file missing

Additional Context

No response

Contributing

No response

@jas4711 jas4711 added bug Something isn't working needs triage labels Nov 17, 2024
@jas4711
Copy link
Author

jas4711 commented Nov 17, 2024

Reading the code has a link to:

https://github.com/golang/crypto/blob/master/ssh/keys.go

Which uses this BSD-license:

https://github.com/golang/crypto/blob/master/LICENSE

I'm going to assume this is the intended "BSD-style" license, but clarifying this file would be good.

@maraino
Copy link
Contributor

maraino commented Nov 19, 2024

Hi @jas4711,

I added the header and the comment because I got the definition of the structure openSSHPrivateKey and the magic header from x/crypto/ssh. I did that because I needed to detect whether a key was password-protected.

In fact, I also moved those structs in x/crypto/ssh from anonymous structs to named ones. I did that because I implemented ssh.MarshalPrivateKey and ssh.MarshalPrivateKeyWithPassphrase from my own implementation of pemutil.SerializeOpenSSHPrivateKey.

I think it is safe to remove or ignore that header. I'm raising this question to confirm that I can remove the comment.

@jas4711
Copy link
Author

jas4711 commented Nov 19, 2024

Hi! Was any code copied? I think that is the main question if the old copyright/license has to be retained or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working needs triage
Projects
None yet
Development

No branches or pull requests

2 participants