Hi, Today, Branden Robinson, Steven Gore, and Oliver Bolzer were discussing the licence issues of a package that Oliver wished to package. However, upon reading the licence of openssl (which the program, GPL'd, links against.)
Branden Robinson is Overfiend Steven Gore is sgore Oliver Bolzer is OliB I am woot. We are all too tired, or rushing off somewhere, so I agreed to post this (edited for clarity, full transcript available on request) log. 20:04:44 <OliB> I got this nice GPL program that uses OpenSSL, which is BSD w/ advertising, this is not OK? 20:05:03 <Overfiend> OliB: it is not OK 20:05:22 <Overfiend> OliB: clause 3 of the 4-clause BSD license in incompatible with the GPL, because it is an "extra restriction" 20:05:33 <Overfiend> s/in in/is in/ 20:06:09 <OliB> overfiend: dynamic linking also ? 20:06:24 <Overfiend> OliB: the FSF regards dynamic linking as creating a derivative work. 20:06:41 <Overfiend> OliB: in general, people don't argue with them about that. 20:07:00 <sgore> OliB: I'm confused.. are you saying that the app is BSD w/advertising, or that openssl is BSD w/advertising? 20:07:00 <Overfiend> OliB: who is the copyright holder on OpenSSL? 20:07:21 <Overfiend> sgore: good point 20:07:21 <sgore> openssl is in non-us/main 20:07:35 <Overfiend> sgore: 4-clause BSD is DFSG-free. Just not GPL-compatible. 20:07:56 <sgore> ah 20:07:56 <Overfiend> warning, acronym overload 20:07:56 <OliB> sgore: the app is GPL and currently statically linking OpenSSL 20:07:59 <Overfiend> what is the license on OpenSSL? 20:08:09 <Overfiend> I see it 20:08:10 <Overfiend> nm 20:08:49 <Overfiend> * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. 20:08:49 <Overfiend> gack 20:08:49 <Overfiend> this is not a BSD license 20:08:49 <Overfiend> it's derived from one, though 20:09:02 <Overfiend> I think this license may have problems. 20:09:07 <Overfiend> This way sucks. OpenSSL is important. 20:09:07 <OliB> overfiend: i interpreted it as BSD-style 20:09:16 <sgore> looks confused to me 20:09:18 <Overfiend> OliB: it is, but the devil is in the details, not the style 20:10:01 <Overfiend> clauses 4 and 5 are additions that do not appear in any actual BSD license 20:10:06 <OliB> overfiend: on a quick apt-cache showpkg libssl09, there seem to be GPL programs depending on it 20:10:08 <Overfiend> even with the proper nouns replaced 20:10:24 <sgore> OliB: many do 20:10:38 <Overfiend> OliB: this could be a problem. The GPL says that the "entire work" must be distributable under the terms of the GPL. 20:10:46 <Overfiend> This would appear not to be the case. 20:10:53 <sgore> OliB: openssl (as Overfiend said) is *important* 20:10:55 <Overfiend> It is the inverse of the Qt problem. 20:11:35 <Overfiend> Clause 3 is not enforceable in the United States, according to lawyers for the University of California. 20:11:48 <Overfiend> (so I have heard -- I remain frustrated in my efforts to find a citation for that opinion) 20:12:13 <sgore> clause 4 seems almost non-free 20:12:17 <Overfiend> yes 20:12:33 <Overfiend> sgore: technically, RMS doesn't care if people use trademark law for that sort of thing 20:12:38 <Overfiend> he regards it as orthogonal 20:12:47 <Overfiend> but these are clearly conditions of the copyright license 20:12:53 <Overfiend> not a separate trademark license 20:12:53 <sgore> We can't even say "Debian 2.2 includes OpenSSL" without prior permission. 20:13:18 <Overfiend> I think is a problem. 20:13:27 <Overfiend> I'm trying to think of ways it isn't, and I'm not coming up with any. 20:13:41 <Overfiend> s/is a problem/this is a problem/ 20:14:02 <sgore> this needs to go to legal 20:16:57 <Overfiend> OliB: you have my permission to post everything I've said in this channel since "<OliB> I got this nice GPL program that uses OpenSSL, which is BSD w/ advertising, this is not OK?"; please post to -legal 20:17:27 <OliB> overfiend: i have posted to -legal about my specific case but no answer after 2 weeks 20:17:40 <Overfiend> OliB: hopefully sgore will do the same; post our conversation, MIME-attach /usr/doc/openssl/copyright 20:18:07 <Overfiend> OliB: put "IMPORTANT:" in the subject line 20:18:22 <Overfiend> openssl is rapidly becoming fundamental 20:18:34 <Overfiend> we need to get this straightened out ASAP 20:22:39 <Overfiend> OliB: clauses 3, 4, and 5 are GPL incompatible 20:22:39 <sgore> I thought the ftp admins were supposed to check licences of new packages. I thought that's one of the reason new packages had to be vetted by hand. 20:22:44 <Overfiend> OliB: clauses 1, 2, and 6 are perfectly all right (they comprise the "new" 3-clause BSD license) 20:22:51 <Overfiend> well, shit 20:23:06 <woot> Subject: IMPORTANT: OpenSSL (and associated libraries) appear to restrict further use of different licences 20:23:09 <woot> ? 20:23:47 <Overfiend> look at Eric Young's original copyright 20:23:47 <Overfiend> this is very blatant 20:23:47 <Overfiend> * The licence and distribution terms for any publically available version or 20:23:47 <Overfiend> * derivative of this code cannot be changed. i.e. this code cannot simply be 20:23:47 <Overfiend> * copied and put under another distribution licence 20:23:47 <Overfiend> * [including the GNU Public Licence.] 20:23:47 <Overfiend> Bah, Eric Young appears to have used the old 4-clause BSD license as a deliberate act of sabotage against GPL'ed apps using this library LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [EMAIL PROTECTED] OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" Regards, Edward. -- Edward C. Lang woot on various channels on irc.openprojects.net [EMAIL PROTECTED] - Normal mail. Most stuff ends up here anyway. [EMAIL PROTECTED] - Debian mail. Finger this address for keys. [EMAIL PROTECTED] [EMAIL PROTECTED] - Other email addresses. TINC.
