On December 7, 2018 6:04:22 AM UTC, Ben Finney <bign...@debian.org> wrote: >Sebastian Andrzej Siewior <sebast...@breakpoint.cc> writes: >> The wording (of the addon) was drafted on debian-legal a few years >> back. > >Can you give citations to what you're referring to? there have been >many >such discussions so it would help if we're both talking about the same >thing.
For the openssl license with advertising and GPL: <1084398162.11845.89.camel@glop> https://lists.debian.org/debian-legal/2004/05/msg00595.html >The part of that article salient for this discussion seems to be: > > OpenSSL version 3.0.0 will be the first version that we release > under the Apache License 2.0. We will not be applying the Apache > License to earlier releases of OpenSSL. > >That doesn't specify the grant of license so it's unclear what the >total >set of conditions will be. Okay. > >> https://github.com/openssl/openssl/blob/master/LICENSE > >That is a nearly-verbatim copy of the Apache License 2.0 with no >legally >substantive changes (only the URL in the header changed to an HTTPS). > >Merely dropping a copy of the license document doesn't tell use exactly >what is the grant of license, as many works (including OpenSSL itself, >and as you point out a lot of works that link to OpenSSL) have a >complex >grant of license that incorporates some combination of conditions. It >is >not enough to assume that a license document implies the entire grant >of >license. > >So we will need to see what exact text is the grant of license (the >text >saying something like "This is OpenSSL, Copyright © 2018 Foo Bar. You >are hereby granted freedom to do X, Y, Z under these explicit specific >conditions"). > >Is the grant of license somewhere in the Git repository to be examined? So the readme file https://github.com/openssl/openssl/blob/master/README has this: The OpenSSL toolkit is licensed under the Apache License 2.0, which means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill its conditions. Is this enough or should upstream add more to this? -- Sebastian
