[curves] 25519 implementations in JavaScript

Mike Hamburg mike at shiftleft.org
Tue Jun 3 23:18:42 PDT 2014


On Jun 3, 2014, at 10:59 PM, Guy K. Kloss <gk at mega.co.nz> wrote:

> On 04/06/14 17:56, Tao Effect wrote:
>> IMO, Apache 2.0 is a downside compared to OpenPGP.js, as it contains a
>> potentially dangerous patent clause for contributors (and possibly even
>> users, not sure on that though, IANAL, IAMACS :P):
>> 
>> https://code.google.com/p/end-to-end/issues/detail?id=1
> 
> Interesting, never have considered it from that perspective. From my
> (previous) perspective, Apache 2.0 is quite a liberal license, which is
> what I wanted to express.
> 
> Let's see.
> 
> Guy

Huh.  That's a very subtle bug, and I have no idea how it would play out in court.

But I also don't understand how Numenta's change fixes the problem.  Surely the problem isn't that the patents aren't temporally bounded, but rather that the Work isn't temporally bounded.

In other words, if I contribute something, and then patent it (within a year), the original CLA would require me to give a royalty-free license to that patent.  But under the new CLA, I am not required to give a license.  This seems like a regression: submitting something, then patenting it and enforcing the patent is evil and could screw Numenta.

On the other hand, under the old CLA, if a later version of the Work causes something interacting with my code to infringe a patent, I might be required to give a license (not obvious, could go either way).  But the new CLA doesn't fix that.

Cheers,
-- Mike


More information about the Curves mailing list