Martin Picha wrote re NSS and OpenSSL:
> When compared, what are some of the (less obvious)
> advantages and disadvantages of each source base?
> Issues I am thinking of include...
<snip>
> * any legal issues?
I really don't think the legal issues are such as should affect your
decision, but here's a brief rundown:
In terms of licensing, both OpenSSL and NSS can be used in either open
source or proprietary programs. OpenSSL is under a license similar to
the Apache license, which in turn is based on the BSD license. NSS is
under a dual licensing scheme under which you can use the code under the
terms of either MPL or the GPL; for use with proprietary software you'd
use the software under MPL terms and ignore the GPL alternative license.
Both licenses have requirements you must conform to in terms of notices;
NSS also has some requirements related to making modifications to the
code available, if in fact you make any modifications.
In terms of export control, NSS code was originally developed in the US,
and OpenSSL code was originally developed outside the US (and I think
still is). If you're developing your product in the US and then
exporting it, it doesn't matter whether you use NSS or OpenSSL; your
product is in principle subject to US export control regulations either
way.
The bottom line is that IMO you should make a technical decision first
and only then worry about any legal issues. I doubt that any issue would
be of such weight that it would compel you to abandon your first choice
and turn to the other product.
Disclaimer: I am not a lawyer, this is not legal advice. You should ask
your own attorney about the licensing and export control issues -- and
if you're exporting from the US commercial proprietary products that
implement encryption then you _definitely_ should consult an attorney
familar with US export regulations.
Frank
--
Frank Hecker work: http://www.collab.net/
[EMAIL PROTECTED] home: http://www.hecker.org/
