On 10/6/2010 10:24 PM, Pierre DELAAGE wrote:
I cannit answer to all the point but at least I can comment the redistribution one : To my point of view, a static linking is NOT a redistribution, just because the liked library is not usable by the end user.
It most certainly is a re-distribution. You have received the copyrighted work and then you distributed it to someone else.
To an extreme extent, the end user is not necessarily aware that the product contains a static version of ssl lib, and even so he/she is not necessarily aware of what is it and what he/she could do with it if this lib was ...directly accessible as a dll, which it is NOT !
That's not relevant for two reasons. First, it's not relevant because user knowledge or access is not a criterion for testing of something is a re-distribution. Second, even if user knowledge and access were required, his code is joined to OpenSSL by the linker, and his code is known and usable. There is absolutely no rational reason it should matter what part of the joined code is known and usable, once joined, they are one.
What I mean is that "redistributing" something as embedded in a product is not opening its free usage by the end user.
It sure is, they are fully free to use the combined work. The whole point of a combined work is that the parts are combined. You can't say you're using one part and not another -- they are combined.
The user has free usage of the combined work. The combined work includes OpenSSL. Full stop.
> The product received is NOT the same as the product
used by the developper,
Doesn't matter. It's the same work. Static linking fuses two works into a single work that is legally both works linked.
To give you an analogy, image a graphic work that consists of two sides, each with an image. If I take two such works and glue them back-to-back, that's like what static linking does. The result is a single two-sided work that contains protectable elements from both input works. It is legally both original works.
and has often less features (as your product does not expose to end users all the functionnalities of the original openssl lib.
Doesn't matter. If I get the source code to Windows and remove a bunch of featured, and compile the result, I can't give it away to all my friends.
Even more if "redistributing as embedded" was "redistributing", then it would allow the end user to do the same thing as yourself, I mean the same usage of the library: and this is impossible.
Huh? "Redistributing" simply means you are distributing a work that contains protectable elements (those that can be covered by copyright) from the original work.
Your focus on function is totally mistaken. In fact, function is the one thing copyright *cannot* cover. Functional elements are irrelevant for copyright purposes. Copyright protects creative choices, not hard work or functional capability.
More over it would allow him to redistribute openssl again ....but it is also impossible because openssl lib has been embedded, ie hidden in some way, in your application.
Huh?
The only way the end user could "propagate" openssl would be to redistribute your whole application : this depends on your own license, but would not lead anyway to a "usable" full featured lib.
Doesn't matter. Copyright is about creative choices, not function. The creative choices made by the OpenSSL developers are in the statically-linked work.
Finally, I would say that in fact "dynamic linking" is the scenario most closed to "redistribution" than static linking : because it allows, at least technically, a possible distribution of a copy of a dll.
Huh? Either you distribute the DLL or you don't. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org