> Thank you for the clarification. What you have said
> makes sense, but I am still a little unclear on what
> is meant by "redistribution" and "products derived from [OpenSSL]".

The term "redistribution" means any distribution of OpenSSL or a derivative work of OpenSSL other than what you might have a right to do by law (say under first sale or fair use). The term "products derived from OpenSSL" means any work that would be considered a derivative work under copyright law.

Note that calling something 'OpenSSL' might also be considered fraud or violations of common law trademarks and the like. I'm talking only about copyright.

> Presumably, a program, e.g. a web browser, could be written
> which uses OpenSSL (whether through linking to the libraries or
> by including actual pieces of OpenSSL code), and this browser
> would not have to be licensed under the OpenSSL license. This would
> be a "product derived from OpenSSL", and users could be forbidden to
> redistribute the browser in source or binary forms.
> Is this a correct interpretation of what a "product derived" is?

If it included actual pieces of OpenSSL code, other than that permitted under exceptions to copyright laws (fair use, scenes a faire), then those who distribute it must comply with the OpenSSL license when they do so. That does not mean their product has to be licensed under a license identical to the OpenSSL license.

Note that they cannot authorize distributions of their derivative under terms not permitted by the OpenSSL license unless their creation of the derivative works was pursuant to rights not acquired under the OpenSSL license. (That gets complicated. If you want a more detailed explanation, email me.)

Basically, you cannot wrap OpenSSL and claim that by using that wrapped OpenSSL instead of OpenSSL itself, you only need to comply with the wrapper's license. This is not because OpenSSL's authors have the right to restrict the distribution of derivative works, this is because this is a condition of creating the derivative work in the first place.

> If a person were to take a full OpenSSL distribution and
> completely rewrite some source files, but not all source files, of which
> libcrypto.a is composed, then compile and distribute the resulting
> libraries libssl.a and libcrypto.a, would libssl.a be a
> "redistribution",

Yes.

> and would libcrypto.a be a "product derived" or a
> "redistribution"?

It would either be OpenSSL itself (if insufficient creative effort were involved in the process of creating this file) or it would be a product derived (if sufficient creative effort were added to consider it a distinct work).

> In other words, would the person be able to
> prohibit redistribution of their new libcrypto.a, even though
> it utilizes some unmodified OpenSSL code, and is part of a complete
> OpenSSL distribution?

Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. (And anyone who did so would be violating *your* rights, not those of OpenSSL or its authors since copyright law doesn't permit you to restrict distribution of derivative works, only creation.)

However, if the thing you distributed was legally deemed to be OpenSSL itself, rather than a derivative work, you could not prohibit redistribution (under copyright law). You do not hold copyright to OpenSSL itself, so nobody can violate any of your rights by distributing it. (Merely compiling OpenSSL, for example, doesn't give you any copyright rights in the results. You must add creative effort to acquire copyright interest.)

You could try to prohibit such things with contracts and the like.

IANAL. My responses exclusively assume United States law, other countries do definitely differ. Consult a lawyer if any of this matters to you. HTH.

DS

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]