On Sun, 2023-01-15 at 15:22 +0100, Arne Schwabe wrote: > > > If that's the source of this issue, then I think there's a > > misunderstanding about the problem the OpenSSL exception is > > addressing. The problem was that the OpenSSL licence required > > additional conditions be imposed on the binary as a whole, even > > though openssl itself was a system library. > > > > https://spdx.org/licenses/OpenSSL.html > > > > Specifically the advertising and redistribution clauses. The > > OpenSSL exception is to make GPLv2 compatible with the OpenSSL > > licence's additional restrictions, not the other way around. There > > is still a considerable body of opinion that thinks the system > > exception covers this case as well, but just in case, people added > > the OpenSSL compatibility exception to GPLv2. > > > > The goal of changing OpenSSL to Apache-2 was to remove those > > additional restrictions and make the library behave like a normal > > linked library from a licensing point of view. The Apache-2 > > licence imposes no additional restrictions on the binary as a > > whole, which is why no exception is necessary. Specifically the > > patent retaliation and indemnity clauses which some people think > > cause the cut and paste incompatibility don't apply to the binary > > as a whole, only to the Apache2 pieces. > > > Yes. That is my understanding as well. But I think where we have been > told
Who told you? Because I'd like to tackle this misinformation at source before it spreads further than openvpn. > and see the problem different is that the GPL2 covers the whole > binary and also the Apache2 licensed parts. It does under section 2 for any component that can't be classified as a system library, yes. But the system library exception is the way you avoid this for linking with most libraries. > And then the restrictions become a problem. Only if the library you're linking with isn't a system library, which I think we can all agree in not the case on every Linux distribution because they all ship both openssl and mbedtls as part of the distribution. > So you are right in the sense that the Apache2 is just > a normal library to link for most purposes, the GPL licenses are > special in the way that they want to cover the whole source > code/binary. Sometimes this feature of the GPL is called viral by > opponents of the license. Not for system libraries ... that's what the system library exception is all about. James _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
