> Thank you for the clarification. What you have said
> makes sense, but I am still a little unclear on what
> is meant by "redistribution" and "products derived from [OpenSSL]".
The term "redistribution" means any distribution of OpenSSL or a
derivative
work of OpenSSL other than what you might have a right to do by law (say
under first sale or fair use). The term "products derived from OpenSSL"
means any work that would be considered a derivative work under copyright
law.
Note that calling something 'OpenSSL' might also be a considered fraud
or
violations of common law trademarks and the like. I'm talking only about
copyright.
> Presumably, a program, e.g. a web browser, could be written
> which uses OpenSSL (whether through linking to the libraries or
> by including actual pieces of OpenSSL code), and this browser
> would not have to be licensed under the OpenSSL license. This would
> be a "product derived from OpenSSL", and users could be forbidden to
> redistribute the browser in source or binary forms.
> Is this a correct interpretation of what a "product derived" is?
If it included actual pieces of OpenSSL code, other than that permitted
under exceptions to copyright laws (fair use, scenes a faire), then those
who distribute it must comply with the OpenSSL license when they do so. That
does not mean their product has to be licensed under a license identical to
the OpenSSL license.
Note that they cannot authorize distributions of their derivative under
terms not permitted by the OpenSSL license unless their creation of the
derivative works was pursuant to rights no acquired under the OpenSSL
license. (That gets complicated. If you want a more detailed explanation,
email me.) Basically, you cannot wrap OpenSSL and claim that by using that
wrapped OpenSSL instead of OpenSSL itself, you only need to comply with the
wrapper's license. This is not because OpenSSL's authors have the right to
restrict the distribution of derivative works, this is because this is a
condition of creating the derivative work in the first place.
> If a person were to take a full OpenSSL distribution and
> completely rewrite some source files, but not all source files, of which
> libcrypto.a is composed, then compile and distribute the resulting
> libraries libssl.a and libcrypto.a, would libssl.a be a
> "redistribution",
Yes.
> and would libcrypto.a be a "product derived" or a
> "redistribution"?
It would either be OpenSSL itself (if insufficient creative effort were
involved in the process of creating this file) or it would be a product
derived (if sufficient creative effort were added to consider it a distinct
work).
> In other words, would the person be able to
> prohibit redistribution of their new libcrypto.a, even though
> it utilizes some unmodified OpenSSL code, and is part of a complete
> OpenSSL distribution?
Certainly. Nothing in the OpenSSL licenses requires you to allow
redistribution of any derivative works you create. (And anyone who did so
would be violating *your* rights, not those of OpenSSL or its authors since
copyright law doesn't permit you to restrict distribution of derivative
works, only creation.)
However, if the thing you distributed was legally deemed to be OpenSSL
itself, rather than a derivative work, you could not prohibit redistribution
(under copyright law). You do not hold copyright to OpenSSL itself, so
nobody can violate any of your rights by distributing it. (Merely compiling
OpenSSL, for example, doesn't give you any copyright rights in the results.
You must add creative effort to acquire copyright interest.)
You could try to prohibit such things with contracts and the like.
IANAL. My responses exlclusively assume United States law, other
countries
do definitely differ. Consult a lawyer if any of this matters to you. HTH.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
