Yes, it looks like several other projects use an exception clause in their distribution (such as wget): see http://en.wikipedia.org/wiki/Openssl#The_exception
On May 27, 11:43 am, [EMAIL PROTECTED] wrote: > OK, I've read over these some more, and I've thought of a possible > workaround. Being a not-a-lawyer, these may be braindead. They can be used > together. > > 1) Create a non-free optional package section. Make ALL code that depends on > OpenSSL do so as an option. And where the option should really be exercised, > complain to the user. > > 2) When the user installs OpenSSL, before anything happens, output the > advert, and give a blurb about GPL incompatability. Then, make the user > cancel or acknowledge that they understand the issue at hand, know where to > find the OpenSSL license. > > Still, I think we should immediately take down links to any version which > violates any license. > > The other option -- to put an OpenSSL exemption in our copy of the GPL -- is > completely out of the question. > > On Sun, 27 May 2007, William Stein wrote: > > > Hi, > > > It recently came to my attention (when an undergrad -- Michael Schmitz -- > > was talking with me about his project on openssl in my number > > theory class) that OpenSSL's license is totally GPL incompatible. > > This was his guess as to why firefox doesn't use openssl. > > Why should you care? -- SAGE is a GPL'd program that > > includes openssl and links in a bunch of other GPL'd programs, so > > SAGE as distributed with openssl, currently violates the copyright of > > those GPL'd > > programs. SAGE *only* uses openssl to provide authentication for > > DSAGE (distributed > > SAGE) and -- in the future but not yet -- we plan to use it for > > authentication > > for the notebook. Read more if you're interested. > > > It is a copyright violation to link a GPL program with OpenSSL and > > distribute together the linked program, as SAGE does. > > In particular, by distributing OpenSSL with SAGE, we are violating the > > copyright > > of GPL'd programs included with SAGE. The OpenSSL license > > is evidently OSI (www.opensource.org) approved, but that isn't enough. > > There are several web page that I think consistently explain the copyright > > situation with regard to openssl: > > > *http://www.gnome.org/~markmc/openssl-and-the-gpl.html > > *http://finkproject.org/doc/packaging/policy.php > > *http://lists.debian.org/debian-legal/2002/10/msg00113.html > > > Conclusion: I screwed up by not checking the license of openssl much more > > carefully before including it in SAGE, and I will unfortunately have to > > remove > > openssl from SAGE. (This is quite annoying -- I similarly screwed up once > > by including gnuplot for several weeks, and once again by including Singular > > before omalloc became GPL'd. Maybe we need to hire more lawyers. :-) ) > > > Back to openssl. Fortunately, the Debian and Fink projects both took > > a "hard line" position against OpenSSL some time ago, so (?) > > there are alternatives. It looks like GNU TLS is probably the best: > > http://www.gnu.org/software/gnutls/ > > Fortunately it appears that Twisted can use GNU TLS: > > http://cheeseshop.python.org/pypi/python-gnutls/ > > > I think the *only* part of SAGE that use OpenSSL right now is DSAGE's > > authenticiation > > system, which is built on Twisted. Anyway, comments are welcome before I > > simply remove openssl and pyopenssl from SAGE before the next release, come > > what may. > > > -- William > > > -- > > William Stein > > Associate Professor of Mathematics > > University of Washington > >http://www.williamstein.org --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/ -~----------~----~----~----~------~----~------~--~---
