Richard Stallman wrote: > I see one possible flaw: if someone includes a different COPYING.OpenSSL > file, this notice would give permission for linking with something > under that replaced file. I think that's a bug. It needs to state > the OpenSSL license in some more reliable way.
Hi, Richard. Thanks for the feedback. Hopefully we can get this resolved soon so I won't have to delay the new software release. I grappled with this problem too, but in the end concluded that at least it wasn't any more permissive than the statement recommended in the GPL FAQ. IMO it boils down to the question of how in general to prevent somebody from modifying the license statement and hijacking one's code. Here are some possible solutions that come to mind right away: 1. Add a statement to the top of the file LICENSE.OpenSSL saying that since it was effectively an extension to the license statements in the individual source files in the hpoj package, only the copyright holder(s) of those source files (namely HP) may update the LICENSE.OpenSSL file. 2. Do away with LICENSE.OpenSSL altogether and change each exception statement (at least in the HP-copyrighted files) to limit OpenSSL to "those versions having a free but GPL-incompatible license as deemed by the Free Software Foundation." I would greatly prefer #1 if possible, because it means I only have to change one file. :-) Also, #2 might be problematic with the lawyer, who is already uncomfortable with the notion of automatically licensing under all future versions of the GPL without being able to review them first. (For the record, I am in favor of the "GPL version 2 or (at your option) any later version" provision.) David -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
