SNARE for Windows 3.1.7 – License Audit result
The SNARE project’s primary license is identified in Sourceforge as the GPL. Our source code audit confirmed that most of the code is indeed licensed under the GPL, but the MD5 files fall under the RSA Security License which potentially conflicts with the GPL.
The problematic nature of the RSA Security License has been recognised by RSA as well, who in 2000 confirmed that its MD5 implementation can be distributed “without license.” (see http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all). However, in this case Intersect Alliance is attempting to distribute it under the RSA license which means that it is conflict with the main GPL license. We would recommend that any party intending to use Snare would request Intersect to modify the MD5 files to reflect RSA’ commitment to let anyone use the code freely.
In conclusion, given the problems caused by the RSA Security License, we consider SNARE a moderate IPR risk component. The risk can be minimized if the solution recommend above is adopted.