Jason: On Mon, Dec 4, 2017 at 8:25 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > Hey SPDX, > > A lot of older OpenSSL code is under the OpenSSL license, but the > author also provides it under GPLv2. Great. The SPDX identifier for > this is obvious. > > Faced with the multitude of requests for adding this GPLv2 exception > in the various interesting reusable files of OpenSSL, it appears that > the OpenSSL assembly pinball wizard, Andy Polyakov, wound up coming up > with CRYPTOGAMS. That looks like this: > > In the header of a particular OpenSSL file there is this text: > > # ==================================================================== > # Written by Andy Polyakov <ap...@openssl.org> for the OpenSSL > # project. The module is, however, dual licensed under OpenSSL and > # CRYPTOGAMS licenses depending on where you obtain it. For further > # details see http://www.openssl.org/~appro/cryptogams/. > # ==================================================================== > > Following the link to read the CRYPTOGAMS license leads to a 3-clause > BSD license with this text added on: > >> ALTERNATIVELY, provided that this notice is retained in full, this >> product may be distributed under the terms of the GNU General Public >> License (GPL), in which case the provisions of the GPL apply INSTEAD OF >> those given above. > > So, for using one of these files, how would I specify this in SPDX? > > Perhaps this: "OpenSSL OR GPL-2.0 OR BSD-3-Clause"? > > Or do we need to import the CRYPTOGAMS license and then specify: > "OpenSSL OR CRYPTOGAMS"? > > And then in the case of kernel code, take advantage of the GPLv2 > compatibility to write: > > "OpenSSL OR CRYPTOGAMS OR GPL-2.0"? > > Please do let me know what's best.
The way I have treated the CRYPTOGRAMS licensing proper in the ScanCode toolkit is a set of rules for a choice of (BSD-3-Clause or GPL-1.0+) or (BSD-3-Clause or GPL-2.0) depending how this formulated in CRYPTOGRAMS. I am not sure this warrant a new license id. And with OpenSSL when used in combo with OpenSSL. > Perhaps this: "OpenSSL OR GPL-2.0 OR BSD-3-Clause"? The way this is typically worded in OpenSSL and CRYPTOGRAMSwould calls for this expression IMHO: OpenSSL OR (BSD-3-Clause OR GPL-2.0) -- Cordially Philippe Ombredanne +1 650 799 0949 | pombreda...@nexb.com DejaCode - What's in your code?! - http://www.dejacode.com AboutCode - Open source for open source - https://www.aboutcode.org nexB Inc. - http://www.nexb.com _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
