>-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz >Sent: Friday, April 14, 2006 3:47 AM >To: openssl-users@openssl.org >Subject: RE: Licenses... > > > >> >I still find this argument incomprehensible. Are you >> >suggesting that the >> >sole purpose the FreeBSD people develop software is to create this >> >wonderful, powerful "FreeBSD" project? And that anything that doesn't >> >benefit the project with the name "FreeBSD" somehow doesn't matter? > >> It would have been better if UCB had simply told GPL "sorry, we aren't >> going to revoke our advert clause" and left it at that. Then a lot of >> work in changing documentation and source files and such in the >> various BSD distributions would have not had to have been done. > > What would that have been better? That would have meant >that fewer people >would have been using the software for really no good reason. >Don't you want >your software to be used by as many people as possible? >
I recognize that I cannot please everyone, no matter what license I would use for any software that I write. If I wrote a package and picked the GPL then some people wouldn't use it. If I picked the BSD license some people wouldn't be happy. If I picked an OpenSSL style license some people are not going to be happy. OpenSSL needs to stick with the license that most closely reflects the philosophy of it's authors. That is, right now, an "advert clause" license, that is why the "advert clause" is in there. If some people in the community have a problem with that, that is their problem, not mine and not OpenSSL's. > > This assumes that the goal of BSD is not: > > 1) To get as many people using its software as possible. > This has never been a stated goal of BSD, at least not historically, although I don't know what all the BSD distributions goals are today. > 2) To improve the quality of software generally. > This is not exactly what one of the goals of BSD is. The primary goal of BSD is to write the best, bar none, UNIX operating system, and it always has been. If people don't want to use it because they don't like the BSD license being wide open, well then piss on them. The BSD distributions aren't going to modify thier license anymore just to make some moron happy. Certainly not the FreeBSD Project. > To use an analogy to show why your analogy is so off the >mark -- consider >if a local charity is building a home for a disabled veteran. You notice >that the staircase they're building is not wide enough for him >to get up and >down it due to his handicap, so you tell them how they can make >a simple, >easy adjustment so that he can be better accomodated. How is >the response, >"he's getting this damn house for free, what right do or anyone >have to tell >us how to build it!" > Apples and oranges. The licensing clause is not restrictive to people in the way a too-wide-for-the-stair disabled vet is. (that must be one fat vet or a very narrow stair) > Do you *really* feel that way? That anything anyone gets >out of OpenSSL is >manna from the gods and they have no right to criticize it -- Pretty much. Don't you? >even if simple >changes could bring huge benefits to thousands of people? > If the removal of the advert clause would bring huge benefits to thousands of people that might be something. You have not established this. > > That single project may itself link to many other >projects. That single >project could be the Linux kernel itself. > So a single Linux system that is connected to the Internet which can link to every host on the Internet, can change the software licensing on every computer in the world that is connected to the Internet? That's some powerful license! > > If you can cite any legal authority for the proposition that FSF >modifications to the GPL, for programs where copyright is not >assigned to >it, modify the grants of copyright, please do so. That seems to >me to defy >reason, but courts do sometimes adopt positions that defy reason. > I am just citing word for word the GPL, if you think the GPL is legally bogus, fine, but I don't think that is the issue here we are discussing. > > You are not in any way responding to the substance of my >arguments. You are citing examples that are not germane to the substance of my arguments, either. Stop doing that and I'll stop doing it. >Of >course gcc isn't linked into OpenSSL, the licenses are >incompatible. If gcc >wanted to support a language with cryptographic primitives, the >gcc people >would likely have to independently develop them and be unable to benefit >from the fact that the OpenSSL project has already developed >and tested that >code. Rubbish - the FSF owns copyright on GCC and can change the license it is licensed under any time they want. > >> How exactly does giving credit to the people that created a >significant >> part of your product stop you from releasing a product? > > It is forced speech. That is, it is something you must >say, whether or not >you agree with it and whether or not you feel it is something >appropriate to >say in that context. Too bad, so sad. >You must also impose this obligation on >others who use >your product, and it becomes an administrative issue that tags >along with >the product. This is a major problem for middleware. > Well then if that's the case you probably won't be using GPL software either since there's a lot higher burderns of administration associated with that. But I will say that this is the only argument you have yet made that has any substance whatsover to it, and that is the issue of administrative burdens of the various open source licenses, be they OpenSSL or GPL on commercial products. I will point out though for middleware producers, that the benefits of not having to reinvent the wheel have some cost; tracking this stuff is one of them. And I will further point out that EVEN IF the OpenSSL license was modded to help these people, that any middleware producer IS STILL GOING TO HAVE TO REVIEW -all- licenses of -all- software they use, because they will not know if there is a gotcha in any of those. As a middleware producer you are saving so damn much money by not having to reinvent everything, that I think it's rather petty of a middleware producer to complain about this relatively minor cost of tracking licenses. But that's just me. At this time I really don't think the arguments are compelling enough for this being a problem for commercial middleware producers for OpenSSL to change it's license. But I would be willing to listen to some specifc, real life examples. > If you have a product that might or might not actually >use bits of OpenSSL, >or you have a situation where it's not entirely clear what precise code >segments consitute parts of what products, it can be very hard >to figure out >where the clause is required and where it would be lying. > That is true but you certainly could ask OpenSSL Project for their opinion. But also the wording of the clause is rather vague so if you have any OpenSSL software at all in there, just state the software contains portions of software from OpenSSL Project, no need to get specific as to what those portions are. > And, of course, it's incompatible with the GPL. So if >you happen to be >working on a GPL project, you either can't keep it under the GPL or you >can't use OpenSSL. > Unless you get a variance from the FSF as I stated earlier, or get permission from the original authors of the GPL software who hold the copyright on it. > > This is an argument based on two sub-arguments. First, >the GPL is bad, so >OpenSSL can't be bad. That's obviously nonsense. The other is >an argument >from personal incredulity -- because you can't see how it would >be a burden, >it can't really be one, even when there are actually people who >are in fact >burdened. > No, it is really based on the second sub argument, not the first. And let's examine this for a second. I consider it burdensome to drive on the street at the speed limit, I want to go faster. Is it burdensome for me to be cited for speeding? Suppose I want to go 37Mph and the posted speed is 35Mph, is that burdensome? I think most drivers would say that a cop writing a ticket for 2Mph over the limit is burdensome. (or photo radar or whatever) Suppose I want to go 40 What about 50 What about 100Mph? As the speed goes up that I want to go, I think fewer and fewer people would consider it burdensome for a cop to cite me for speeding. In short, the burdensomness of the speed limit is, in fact, a subjective argument. This advert clause is subjective in the same way. Just because a few people consider the OpenSSL advert clause burdensome does not mean that in reality it is burdensome for most people. > > Again, this is an argument from personal incredulity. Is >it your position >that there is no problem in combining software licensed under >the GPL with >software that has a license with an advertising clause? No, it is not. There is a problem, and that is why there is a mechanism IN THE GPL ITSELF to take care of this problem. It is very simple and I fail to see why it cannot work. That mechanism is to have the FSF issue a variance - if you feel your project sufficiently intertwines with the GPL as to make the GPL normally become effective. Keep in mind that the courts have not ruled on the idea that just because you link your code into GPL code that you lose all rights to control licensing of your portion of the code. This is a revolutionary idea of the FSF's and it is frequently pointed out in legal circles how this is one of the big weak spots of the GPL, and would likely be invalidated. My reading of copyright law is that the GPL cannot control how I license my copyrighted software just because I link an object module into their code or vis-versa. The FSF vehemently disagrees and this linking issue is one of the central reasons why the GPL is called a viral license, and it is one of the linchpins of the argument that the advertising clause in OpenSSL is a burden. > >> Yes, but this is irrelevant since the advert clause isn't a block to >> prevent more people from using OpenSSL. > > So is it your position that there are no cases where >GNUtls was used >instead of OpenSSL because of the advertising clause? > No, not at all. My position is that the OpenSSL requirement to give credit where credit is due is not onerous, and not a real block to using it. I am sure there are people who think it is, who have used something else. They have a right to use something else, and I would not question that, but I do think they are rejecting OpenSSL for the wrong reason. > If you owned a commercial software company, how would >you feel about hiring >a programmer who insisted that any software that he had worked >on, in any >advertisements mentioning features he contributed to, contain a >note saying, >"This product contains software developed by Jack Smith". >(Assume his name >is Jack Smith.) > The law already has provisions for that. Regardless of what Jack Smith wants, the law says if I'm paying him hourly to write code, the copyright to the code belongs to me, not to him. I don't really have any feelings one way or another on his desire, because it's not a decision for him to make - per the law, not per me. >> This is a philosophical dispute. Some people don't like the OpenSSL >> license for whatever reason. These people cannot grasp that since >> they didn't write OpenSSL, they really don't have any say in the terms >> of the OpenSSL license. So rather than just suck it up and accept it, >> and deal with it using the mechanisms that are already available to >> do so (such as writing the FSF) these people feel it necessary to >> try to push the OpenSSL project into changing it's license. > > That is just incredibly petty. I'm not really capable of >composing a >rational response to that other than that if you're going to try to >contribute to benefit the community, you could do so with a positive >attitude toward benefitting the community. You could at least >give a shot at >leading the GPL community by example. > The GPL community could at least give a shot at leading by example - by accepting license other than the GPL. Should every community that wants to write open source and wants to create their own license, not be permitted to do so, or should they have to get permission from the FSF as to whether their license is "approved"? That seems to be what you are arguing. >> Why is the GPL philosophy of "we don't want to give credit" a >more valid >> philosophy than the OpenSSL philosophy of "give credit"? > > The philosophy is that people should not be forced to >say things they may >not agree with or may not find appropriate to say in particular forums. > You mean like people that want to use GPL code not be forced to give out source to their modifications on request? You cannot have real freedom without responsibility. For those who have no responsibility whatsoever, any restrictions are going to be onerous. if someone chooses to distribute GPL software they must follow the restrictions set by that license. If someone chooses to distribute OpenSSL software they must follow the restrictions set by that license. It really is as simple as that, not as complex as you are trying to make it out to be. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
