RE: related license question
On Mon, 28 Aug 2006, David Schwartz wrote: Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. Wrong. See the following: ...The licence and distribution terms for any publically available version or derivative of this code cannot be changed... http://www.openssl.org/source/license.html I always assumed that publically available version meant an open source distribution and didn't apply to proprietary code where the source isn't made available at all. But now that you point it out, it's not clear at all exactly what that means. In any event, it doesn't compel you to make the source available, but it could mean that you can't prevent redistribution of the binaries. IANAL, but this is a fairly standard BSD-style license and such have always allowed proprietory derivative works. I see nothing here that forbids distributors from imposing additional terms on derivative works (unlike the GPL). --| John L. Ries | Salford Systems | Phone: (619)543-8880 x107 | or (435)865-5723 | --| __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: related license question
Ted Mittelstaedt wrote: - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Tuesday, August 22, 2006 2:04 PM Subject: RE: related license question Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. Wrong. See the following: ...The licence and distribution terms for any publically available version ^^ The question is, what this word means. or derivative of this code cannot be changed... http://www.openssl.org/source/license.html Yes, the OpenSSL does not explicitly require you to allow redistribution of any derivitave works you create. However, it explicitly requires you to not change the distribution terms of the derivitave work that you create, and since the redistribution terms are open, that forces you to also use open redistribution terms. If someone adds *own* code to OpenSSL and forbids redistribution of *his* code, the resulting package is imho no longer publically available and therefore the sentence cited above would no longer apply. Am i wrong? If i am wrong, the OpenSSL license would be infectious like the GPL, and my impression is, that the sentence cited above has been added to the license for preventing such infectiousity, but i may be wrong. Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: related license question
Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. Wrong. See the following: ...The licence and distribution terms for any publically available version or derivative of this code cannot be changed... http://www.openssl.org/source/license.html I always assumed that publically available version meant an open source distribution and didn't apply to proprietary code where the source isn't made available at all. But now that you point it out, it's not clear at all exactly what that means. In any event, it doesn't compel you to make the source available, but it could mean that you can't prevent redistribution of the binaries. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: related license question
- Original Message - From: Ryan Shon [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Tuesday, August 22, 2006 12:07 PM Subject: related license question Thank you for the clarification. What you have said makes sense, but I am still a little unclear on what is meant by redistribution and products derived from [OpenSSL]. redistribution means distribution by someone other than the copyright holder. Presumably, a program, e.g. a web browser, could be written which uses OpenSSL (whether through linking to the libraries or by including actual pieces of OpenSSL code), and this browser would not have to be licensed under the OpenSSL license. correct as long as the license on the browser does not deviate from the distribution terms that are in openssl, gives copyright attribution, etc. This would be a product derived from OpenSSL, yes and users could be forbidden to redistribute the browser in source or binary forms. no, not possible. The reason is that the openssl license distribution terms permit unrestricted redistribution in source or binary forms and since the new license must follow the distribution terms in the openssl license to be compliant, the new license must permit unlimited redistribution. Is this a correct interpretation of what a product derived is? yes If a person were to take a full OpenSSL distribution and completely rewrite some source files, but not all source files, of which libcrypto.a is composed, then compile and distribute the resulting libraries libssl.a and libcrypto.a, would libssl.a be a redistribution, and would libcrypto.a be a product derived or a redistribution? Both. If there's any openSSL code that makes up the resultant libssl.a or libcrypto.a, then the added code that this hypothetical person wrote would become part of the openssl toolkit, and thus subject to it's licensing. In other words, would the person be able to prohibit redistribution of their new libcrypto.a, even though it utilizes some unmodified OpenSSL code, and is part of a complete OpenSSL distribution? No, they can only follow the redistribution terms that are in the openssl license, those terms are unrestricted, so the person's license would have to be unrestricted as well. You simply cannot redistribute openSSL code with your own code mixed in, and have part of the openssl distribution that you are sending out be under the openSSL license, and part of the redistribution subject to your own license. The grant of redistribution rights you get from the openSSl license do not permit you to do this. If you want to distribute a replacement libcrypto.a under your own license terms, you must write from scratch all files that are used to build the libcrypto.a you cannot take any existing openssl files and use them in the build of the libcrypto.a, then redistribute this under a restricted license, as the openssl license does not give you that right. The only way you can do what you want to do is distribute the part you write separately from the openssl part, and license your part under your terms, and the openssl part under it's terms, and have the end-users combine the parts to a single result. Ted __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: related license question
- Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Tuesday, August 22, 2006 2:04 PM Subject: RE: related license question Thank you for the clarification. What you have said makes sense, but I am still a little unclear on what is meant by redistribution and products derived from [OpenSSL]. The term redistribution means any distribution of OpenSSL or a derivative work of OpenSSL other than what you might have a right to do by law (say under first sale or fair use). The term products derived from OpenSSL means any work that would be considered a derivative work under copyright law. Note that calling something 'OpenSSL' might also be a considered fraud or violations of common law trademarks and the like. I'm talking only about copyright. Presumably, a program, e.g. a web browser, could be written which uses OpenSSL (whether through linking to the libraries or by including actual pieces of OpenSSL code), and this browser would not have to be licensed under the OpenSSL license. This would be a product derived from OpenSSL, and users could be forbidden to redistribute the browser in source or binary forms. Is this a correct interpretation of what a product derived is? If it included actual pieces of OpenSSL code, other than that permitted under exceptions to copyright laws (fair use, scenes a faire), then those who distribute it must comply with the OpenSSL license when they do so. That does not mean their product has to be licensed under a license identical to the OpenSSL license. Note that they cannot authorize distributions of their derivative under terms not permitted by the OpenSSL license unless their creation of the derivative works was pursuant to rights no acquired under the OpenSSL license. (That gets complicated. If you want a more detailed explanation, email me.) Basically, you cannot wrap OpenSSL and claim that by using that wrapped OpenSSL instead of OpenSSL itself, you only need to comply with the wrapper's license. This is not because OpenSSL's authors have the right to restrict the distribution of derivative works, this is because this is a condition of creating the derivative work in the first place. If a person were to take a full OpenSSL distribution and completely rewrite some source files, but not all source files, of which libcrypto.a is composed, then compile and distribute the resulting libraries libssl.a and libcrypto.a, would libssl.a be a redistribution, Yes. and would libcrypto.a be a product derived or a redistribution? It would either be OpenSSL itself (if insufficient creative effort were involved in the process of creating this file) or it would be a product derived (if sufficient creative effort were added to consider it a distinct work). In other words, would the person be able to prohibit redistribution of their new libcrypto.a, even though it utilizes some unmodified OpenSSL code, and is part of a complete OpenSSL distribution? Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. Wrong. See the following: ...The licence and distribution terms for any publically available version or derivative of this code cannot be changed... http://www.openssl.org/source/license.html Yes, the OpenSSL does not explicitly require you to allow redistribution of any derivitave works you create. However, it explicitly requires you to not change the distribution terms of the derivitave work that you create, and since the redistribution terms are open, that forces you to also use open redistribution terms. The above part is from the SSLeay part of OpenSSL and the OpenSSL license itself cannot change license terms, due to the above statement, the above statement is itself a license term, and is thus still in effect in the openSSL license. (And anyone who did so would be violating *your* rights, not those of OpenSSL or its authors since copyright law doesn't permit you to restrict distribution of derivative works, only creation.) However, if the thing you distributed was legally deemed to be OpenSSL itself, rather than a derivative work, you could not prohibit redistribution (under copyright law). You do not hold copyright to OpenSSL itself, so nobody can violate any of your rights by distributing it. (Merely compiling OpenSSL, for example, doesn't give you any copyright rights in the results. You must add creative effort to acquire copyright interest.) But, since you have to adhere to the OpenSSL licensing terms when you add your creative effort, copyright interest doesen't give you anything other than bragging rights. Ted __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager
Re: related license question
In message [EMAIL PROTECTED] on Tue, 22 Aug 2006 15:07:31 -0400, Ryan Shon [EMAIL PROTECTED] said: rshon Presumably, a program, e.g. a web browser, could be written rshon which uses OpenSSL (whether through linking to the libraries or rshon by including actual pieces of OpenSSL code), and this browser rshon would not have to be licensed under the OpenSSL license. This rshon would be a product derived from OpenSSL, and users could be rshon forbidden to redistribute the browser in source or binary forms. rshon Is this a correct interpretation of what a product derived rshon is? I'm actually unsure about that. Richard Stallman would probably interpret it that way, but I wouldn't. Using unmodified components from another package in your own package does not constitute derivation, in my opinion. But again, IANAL. rshon If a person were to take a full OpenSSL distribution and rshon completely rewrite some source files, but not all source files, rshon of which libcrypto.a is composed, then compile and distribute rshon the resulting libraries libssl.a and libcrypto.a, would rshon libssl.a be a redistribution, and would libcrypto.a be a rshon product derived or a redistribution? If we look at the separate libraries, then yes. However, I would assume that you would distribute this changed source in the same manner as the original is distributed, in one package. In that case, that package is a modified version of OpenSSL, and therefore a product derived from OpenSSL. Cheers, Richard - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: related license question
Thank you for the clarification. What you have said makes sense, but I am still a little unclear on what is meant by redistribution and products derived from [OpenSSL]. The term redistribution means any distribution of OpenSSL or a derivative work of OpenSSL other than what you might have a right to do by law (say under first sale or fair use). The term products derived from OpenSSL means any work that would be considered a derivative work under copyright law. Note that calling something 'OpenSSL' might also be a considered fraud or violations of common law trademarks and the like. I'm talking only about copyright. Presumably, a program, e.g. a web browser, could be written which uses OpenSSL (whether through linking to the libraries or by including actual pieces of OpenSSL code), and this browser would not have to be licensed under the OpenSSL license. This would be a product derived from OpenSSL, and users could be forbidden to redistribute the browser in source or binary forms. Is this a correct interpretation of what a product derived is? If it included actual pieces of OpenSSL code, other than that permitted under exceptions to copyright laws (fair use, scenes a faire), then those who distribute it must comply with the OpenSSL license when they do so. That does not mean their product has to be licensed under a license identical to the OpenSSL license. Note that they cannot authorize distributions of their derivative under terms not permitted by the OpenSSL license unless their creation of the derivative works was pursuant to rights no acquired under the OpenSSL license. (That gets complicated. If you want a more detailed explanation, email me.) Basically, you cannot wrap OpenSSL and claim that by using that wrapped OpenSSL instead of OpenSSL itself, you only need to comply with the wrapper's license. This is not because OpenSSL's authors have the right to restrict the distribution of derivative works, this is because this is a condition of creating the derivative work in the first place. If a person were to take a full OpenSSL distribution and completely rewrite some source files, but not all source files, of which libcrypto.a is composed, then compile and distribute the resulting libraries libssl.a and libcrypto.a, would libssl.a be a redistribution, Yes. and would libcrypto.a be a product derived or a redistribution? It would either be OpenSSL itself (if insufficient creative effort were involved in the process of creating this file) or it would be a product derived (if sufficient creative effort were added to consider it a distinct work). In other words, would the person be able to prohibit redistribution of their new libcrypto.a, even though it utilizes some unmodified OpenSSL code, and is part of a complete OpenSSL distribution? Certainly. Nothing in the OpenSSL licenses requires you to allow redistribution of any derivative works you create. (And anyone who did so would be violating *your* rights, not those of OpenSSL or its authors since copyright law doesn't permit you to restrict distribution of derivative works, only creation.) However, if the thing you distributed was legally deemed to be OpenSSL itself, rather than a derivative work, you could not prohibit redistribution (under copyright law). You do not hold copyright to OpenSSL itself, so nobody can violate any of your rights by distributing it. (Merely compiling OpenSSL, for example, doesn't give you any copyright rights in the results. You must add creative effort to acquire copyright interest.) You could try to prohibit such things with contracts and the like. IANAL. My responses exlclusively assume United States law, other countries do definitely differ. Consult a lawyer if any of this matters to you. HTH. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]