> > I wholeheartedly disagree. You cannot violate the OpenSSL
> > license by using
> > OpenSSL.
> >
> > The end user is not creating a derivative work because he is
> > not creating a
> > work at all. For copyright purposes, you only create a work when you add
> > creative input. Compiling and linking is not a creative process.
> This is licensing terms we are talking about here, not copyright terms,
> which are an entirely separate and different thing.
Umm, no. We are talking about whether the license *covers* a particular
act
or not, not what the license says about that act. The scope of the license
is set by copyright law, not by the license itself. The license can only
restrict an action that copyright law gives a copyright holder the right to
restrict.
For example, if the OpenSSL license said that if you ever downloaded a
copy
of OpenSSL, you had to pay the authors $1,000,000, this would not be valid.
It would only be valid if the license were the only way to get the right or
ability to download a copy of OpenSSL.
Since nobody formally agrees to, clicks on, or otherwise assents to the
OpenSSL license, the OpenSSL license only applies to you when you choose to
accept it. Of course, should you not choose to accept it and then do
something copyright law prohibits you from doing, you are violating
copyright law. (Read this over a few times until you get it. This is the
crux right here.)
It is essentially impossible to violate the OpenSSL license. If you
disribute OpenSSL in violation of its license, you are violating copyright
law. This is because copyright law restricts the distribution of covered
works and you have no license. If you are not complying with the terms of
the license, you just don't get the *additional* rights the license gives
you. But you still have the rights under first sale, fair use, scenes a
fair, and so on.
Again, just to be 100% clear -- the only way you could "violate the
OpenSSL
license" would be to do something that copyright law prohibited you from
doing without complying with the OpenSSL license. So before we can even ask
if you complied with the OpenSSL license, we have to ask whether you did
something copyright law prohibits you from doing.
> From the license:
>
> "...Redistribution AND USE in source..."
>
> "This LIBRARY is free for commercial and non-commercial USE as long as
> the following conditions..."
This doesn't matter because the license cannot set its own scope. One
has,
under copyright law, the right to *use* any work one has lawfully acquired.
If you think about it, this must be so. Otherwise, I could drop copies of my
poem from an airplane and then sue anyone who read it without complying with
my license terms. Otherwise, I could buy a book that contained a clause
inside the cover that I couldn't read it on weekdays.
If you read copyright law, you will see that the right to *use* a work
is
*not* one of the rights reserved to the copyright holder. So the OpenSSL
license can't restrict the *use* of a work any more than it can restrict
breathing.
> When you link in your own code, it becomes part of the library, thus part
> of OpenSSL. If you don't apply all the license terms to your code, when
> you are licensing it to yourself to use for yourself, you are
> violating the
> license. Of course, nobody cares because your not redistributing it.
The OpenSSL license is not a click-through or shrink-wrap license.
There is
no way you can argue that a person agreed to the license merely by using
OpenSSL. You cannot violate a pure license by using a work. (You can violate
an EULA, shrink-wrap, or click-through agreement. But the OpenSSL license is
none of those.)
To the extent that the OpenSSL license purports to limit the ordinary
use
of a covered work, it simply means that those acts do not grant you the
additional rights the license grants you. But you don't need to get the
right to use it from the license, you automatically have that by having
lawfully acquired the work.
> There are many funny licensing clauses that appear nonsensical to the
> layman but are perfectly logical. The SSLeay and OpenSSL license is
> an extremely sloppy and poorly defined document because the people
> who wrote it were under the misguided assumption that good legal
> documentation is simple. This is an assumption that is shared by much
> of the general public, of course, because most people are stupid and
> want to believe that the rest of the world is comprised of simpletons,
> it makes them feel better. In reality, good, defendable legal
> documentation
> is
> very explicit and spells everything out, that is why it's so long, it does
> not make a bunch of assumptions.
It doesn't matter. We're talking purely about the scope of the license.
The
license cannot expand its own scope, only reduce it. A pure copyright
license like OpenSSL's, the BSD license, or the GPL *cannot* restrict use.
It does not have that power under copyright law. (17 USC 109)
The right to the ordinary use of a lawfully created and disributed work
travels with that work. If I download a copy of OpenSSL from OpenSSL's
website, I have lawfully acquired it, the work was lawfully created and
distributed. I have the right to ordinary use, just the same as I do to an
authentic CD that I purchased at a flea market.
> > IANAL, this is not legal advice.
> We have a saying here about that: "No shit, sherlock"
I'm not sure it's obvious that I'm not a lawyer. There really is no
harm in
one sentence to make sure that's clear.
> Continuing to
> disclaim your own advice is really rediculous. We all know that the
> respondents to this thread, including myself, are not lawyers and nobody
> with brains is going to take postings off a mailing list as legal advice.
I am not giving anyone any advice.
> I also have some distressing news for you as well - if you were
> to consult a dozen lawyers about this topic, you would get a
> dozen different interpretations. Legal advice, paid or otherwise, ain't
> worth shit until a Judge in a courtroom agrees with it, I fail to see
> why your getting so excited about advice on a license being "not legal"
Not all opinions are advice. I am definitely not suggesting anyone do
anything in particular. I am just trying to make that clear.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
