OpenSSL users, the following is a forward and my response to this person's complaint about breaching the OpenSSL license. The last one is extremely flagrant and I apologize in advance for the violation.

At 04:25 PM 5/9/2004 +1000, Erik de Castro Lopo writeth:
>Gentlemen,
>
>I would like to bring to your attention the following:
>
>    http://www.slproweb.com/products/Win32OpenSSL.html
>
>which I believe is a repackaging of your OpenSSL software for Win32.
>However, Shining Light Productions seems to be in breach of your license:
>
>    http://www.openssl.org/source/license.html
>
>Nowhere on the Shining Light Productions web page do they display the
>acknowledgement required by section 3 of your license and they use the
>name "Win32OpenSSL" which seems to be in breach of section 5 of your
>license.

Okay, before I get super-picky, let me point out that the Win32 OpenSSL Installation Project has been cleared by the authors (your complaint about #5 is duly noted and probably ignored) and is linked to from the www.openssl.org site itself:

http://www.openssl.org/related/binaries.html

"Win32 OpenSSL Installation Project" is the full name...I just shorten it to "Win32 OpenSSL" for the sake of brevity in e-mails and I never refer to it without the space. Win32 stands for Windows 32-bit and OpenSSL is owned by www.openssl.org. I claim ownership of neither and will link to www.openssl.org as many times as is necessary to get anyone who wants to be overly annoying off my back.

The authors of OpenSSL know that I am providing a vital service to Windows users by providing binaries of OpenSSL in installer form. I'm pretty sure that since I'm as concerned about being as legal as possible as they are, they will expect me to fix problems with the project ASAP...all of which has already been done. If the authors want the project name changed, they'll let me know. However, note that Win32 OpenSSL has been in existence for over 1 year with full knowledge of the OpenSSL staff and they even link to the site from the binaries page on the openssl.org site.

Now to the nit-picky stuff that may not be kosher:

1) The website links directly to www.openssl.org AND has the following statement: "Note that this is a __DEFAULT BUILD__ of OpenSSL and is subject to local and state laws. More information can be found in the legal agreement of the installation." (Emphasis mine). This means that the binaries that are extracted from the installer are byte-for-byte the same as a default build of OpenSSL. This implies that the user understands the restrictions of OpenSSL AND its license. Regardless, I have modified the introductory description on the website to be in full compliance with the OpenSSL license.

2) The installation license agreement hasn't been modified since the project was first started. It has been updated to be in compliance with section 3.

3) The documentation was sort of hack'ish for a long time. It not only has been put in compliance with section 3, but Erik seems to have missed section 2: "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the __documentation__ and/or other materials provided with the distribution." The license's full text is now contained within the documentation, making the documentation in full compliance with section 2. The required statement from section 3 is in the "Introduction" of the documentation.

>I also believe that there are problems with the click-through win32
>installer which requires that the user agree to the "Win32 OpenSSL
>Installation License Agreement" on top of the OpenSSL license agreement
>without ever displaying the acknowledgements required by sections 3
>and 6 of your license.

The installer license itself now links to www.openssl.org on top of displaying the required text in section 3.

>In addition, the original OpenSSL license is
>nowhere to be found.

Thank you for pointing this out. I literally have no idea how that got cut out of the distribution. That file _was_ in there at one point, but it probably happened when I upgraded to a newer version of the installer technology and had to re-write a lot of underlying code (I've upgraded twice in the past year and added tons of stuff like CHM help and a couple Perl binary modules). Everything related to this issue has been updated. Now (again) in full compliance with the license. This is probably the biggest mistake I've made in the lifetime of the project. My apologies to all on this list for the massive oversight.

>As someone who recently had code released under the GPL which was
>misused in a similar manner, I encourage you to force Shining Light
>Productions into compliance with your license.

There was no need to go to the OpenSSL authors over this issue. You could have simply e-mailed me and it would have been fixed - and I would have notified everyone who needed to know as well (and would still include the whole openssl-users list, knowing how serious that last error was).

Again, thank you for pointing these issues out to me. The website and software package have both been updated to reflect these changes.

Hope this helps!

Thomas J. Hruska -- [EMAIL PROTECTED]
Shining Light Productions -- "Meeting the needs of fellow programmers"
http://www.slproweb.com/

Why spend more for the same functionality that is in ColdFusion? Try Nuclear Vision today! http://www.slproweb.com/products/nvml.html
Announcing Nuclear Vision v2.0: Easy to learn, easy to use, and has unlimited precision math capabilities.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]