
The cipher subpackage is importing a third party package `github.com/apexskier/cryptoPadding` and uses only this part of it:

https://github.com/apexskier/cryptoPadding/blob/master/pkcs7...

I think it would be a good idea to avoid that otherwise small dependency with some copy-pasta/vendoring.



Good point, but apexskier/cryptoPadding doesn't have any license info, so it really shouldn't be used at all (importing, copying, or vendoring).


BTW, the author has done this, committed an hour ago. The "github.com/apexskier/cryptoPadding" dependency is removed, padBuffer() and unpadBuffer() functions which look very different than apexskier/cryptoPadding are inlined. He also added tests for the padding! Nice work!

https://github.com/square/go-jose/commit/6722e7b8407c4b2bbe2...


Dang, I was going to try to refute you by saying no license meant no restrictions, but nope! Creators of software (and any written work apparently [1]) are automatically granted copyright for their work (this makes sense) so without a license, copying it would be a violation of copyright. That's wild, but seems reasonable.

Posting it to Github isn't implicit permission, but it would probably be a factor if the author did try to sue people for using his or her copyrighted work without license/permission.

[1] http://en.wikipedia.org/wiki/Open-source_software#Open_softw...


There are also apparently terms in the Github ToS that allow viewing and forking of public projects regardless of license. What this means in a practical sense, I'm not sure.

https://help.github.com/articles/open-source-licensing/#what...


It's pretty simple. In a practical sense it means that the author of any license-free project on Github who finds their code used in other software can, very cheaply, C&D the authors of those packages.


Here are polished versions of my pkcs7 functions from the crypto challenges if anyone wants:

http://play.golang.org/p/xfAGpytsSI

Also, remember to not leak padding errors and always MAC your ciphertext. Wouldn't want you to spring a padding oracle.



