On Fri, 2004-06-04 at 08:39, Henrik Nordstrom wrote: > Do you have more detailed information on this license conflict? If I > understand correctly it is actually GPL who does not allow linking with > the OpenSSL license due to the (double) advertising clause of OpenSSL and > therefore needs an exception to allow OpenSSL to be linked into the GPL > application even when the OpenSSL license is not strictly GPL compatible.
http://archives.seul.org/mixminion/dev/Jul-2002/msg00015.html has two useful links to the debian legal archives.. http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00563.html, http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00454.html and followups. ] > > We have three basic options: > > > > 1) Ignore it - appliances can't ship with ssl support, distros can't > > ship with ssl support, but users can rebuild their squids if they need. > > If my assumption wrt the license conflict above is correct then most > distros can probably argue that they are safe due to OpenSSL today being > considered an integral OS component already expempt from GPL by section 3 > in the GPL, but it is a thin line on what is "core component" and what is > "extra". Well, it's an arguable position, but IMO an unsafe one. Its certainly not part of the posix interface to the sytem, for instance. > > 2) Get squid working with GnuTLS which is meant to be an almost-dropin > > replacement for openssl. They apparently have compatability headers > > even. > > Interesting. Should not be hard to accomplish I think. Cool. I have very little experience with ssl/tls code - and no time right now to hack on it anyway :[. But if I can get you any info etc, and you have time... Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
