On Wed, 2002-05-22 at 06:00, Mark Purcell wrote: > On Wed, 22 May 2002 10:40, PASCHAL,DAVID (HP-Roseville,ex1) wrote: > > Hi, Mark. While I don't object to linking with OpenSSL in the manner it's > > currently done with hpoj (to satistify a libsnmp dependency, where OpenSSL > > doesn't actually have any linkages into the hpoj code), I'm concerned that > > the suggested exception statement is overly broad, because it doesn't > > sufficiently define exactly what "OpenSSL" is. > > I took that suggestion straight from the OpenSSL webpage. I would be happy > for you to define OpenSSL as you see fit. I guess you could say something > along the lines of 'as found at http://www.openssl.org' or give a specific > library version number and soname. It's really up to HP, and you as their > agent, as the HPOJ copyright holder.
Unfortunately, the OpenSSL webpages and FAQs on the licensing question say lots of things, some of which may be true. I'm not familiar with the exact text of the site (I've heard lots of different versions), but at least some of their opinions on the licenses are not shared by the Debian project. If you are looking for a sample license statement that has been considered to be good, you might want to look at the license that the authors of CUPS are planning to use. A copy can currently be found at http://www.cups.org/new-license.html. It has additional rights you probably aren't interested in; the main salient points are that it describes as exactly as possible what exceptions to the GPL are allowed, and it allows third parties to strip out the exceptions so the code can be linked to straight-GPLed code without such exceptions. Of course, it doesn't explain what "the OpenSSL Toolkit" is much better than the proposed text does, so you will probably want to modify that. > > What is the source of GPL incompatibility with OpenSSL in the first place? > > Is it patent-encumbered code (which I would expect Debian to disable) or > > the old-BSD-style-license "advertising clause"? > > You are right we have disabled the patent-encumbered code, otherwise OpenSSL > wouldn't be in Debian at all!! > > According to http://www.openssl.org/support/faq.html#LEGAL2 > > 'Some GPL software copyright holders claim that you infringe on their rights > if you use OpenSSL with their software on operating systems that don't > normally include OpenSSL. > > If you develop open source software that uses OpenSSL, you may find it useful > to choose an other license than the GPL, or state explicitly that "This > program is released under the GPL with the additional exemption that > compiling, linking, and/or using OpenSSL is allowed." If you are using GPL > software developed by others, you may want to ask the copyright holder for > permission to use their software with OpenSSL.' > > We had a fairly long discussion and determined that Debian 'doesn't normally > include OpenSSL' so we are covered by the condition above. Actually, I believe this is inaccurate. It may have been accurate in the past, but it definitely is not any longer. The problems between OpenSSL and the GPL are twofold: - the old BSD advertising clause - the clause in the OpenSSL license which reads: "The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]" This clause appears to forbid binary linking under the GPL section 2 (as invoked by section 3). We do consider Debian to be bound by this; specifically, OpenSSL is now out of non-us/main and in main, so it most definitely "normally includes OpenSSL". David, I'm glad you're willing to work with us. If you have any other questions, please let us know, and we'll help you as best we can. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
