Re: attribution question for using NSS/NSPR or JSS in an application

Sat, 03 Feb 2007 03:20:12 -0800

Bob Relyea wrote re attribution issues with using (unmodified) NSS/NSPR/JSS code in products:
While attribution is nice, it's not required under any of the NSS licenses. When you ship NSS, you choose which license you ship under (MPL/GPL or LGPL... or the tri-license itself ). For the requirements of these licenses see http://www.mozilla.org/MPL/
To be more precise about this: If you're using the code under MPL terms (which I suggest you do unless you happen to be shipping GPL-licensed products) then the relevant requirement is in section 3.6, "Distribution of Executable Versions": 


"You may distribute Covered Code in Executable form only if ... You 
include a notice stating that the Source Code version of the Covered 
Code is available under the terms of this License, including a 
description of how and where You have fulfilled the obligations of 
Section 3.2. The notice must be conspicuously included in any notice in 
an Executable version, related documentation or collateral in which You 
describe recipients' rights relating to the Covered Code."



So basically at whatever part of the program (or documentation) you 
include your own license terms (e.g., a EULA being presented as part of 
the installer) you should note that you are using NSS/NSPR/JSS code 
under the terms of the MPL, and point to where the source code is available.



Section 3.2 goes into more detail about source code availability: You 
can point to mozilla.org, but you should also be prepared to supply a 
copy of the code yourself if for some reason mozilla.org ever goes away. 
Also, good practice is to point to the exact version of the source code 
that you used, e.g., the NSS source tarball for the relevant NSS version.



So, to sum up, as Bob notes you don't have to do what most people think 
of as attribution: Adding mentions of NSS, etc., to your About box or 
startup screens, mentioning NSS, etc., in advertisements, and so on. 
However you do need to comply with the basic notice requirements of the 
MPL. (And if you want to go beyond those requirements and mention your 
use of NSS, etc., in other contexts I'm sure the NSS/NSPR/JSS developers 
wouldn't mind the publicity.)


Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto






















					Reply via email to