----- Original Message ----- From: "Ryan Shon" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Tuesday, August 22, 2006 12:07 PM Subject: related license question
> Thank you for the clarification. What you have said > makes sense, but I am still a little unclear on what > is meant by "redistribution" and "products derived from [OpenSSL]". > redistribution means distribution by someone other than the copyright holder. > Presumably, a program, e.g. a web browser, could be written > which uses OpenSSL (whether through linking to the libraries or > by including actual pieces of OpenSSL code), and this browser > would not have to be licensed under the OpenSSL license. correct as long as the license on the browser does not deviate from the distribution terms that are in openssl, gives copyright attribution, etc. > This would > be a "product derived from OpenSSL", yes > and users could be forbidden to > redistribute the browser in source or binary forms. no, not possible. The reason is that the openssl license distribution terms permit unrestricted redistribution in source or binary forms and since the new license must follow the distribution terms in the openssl license to be compliant, the new license must permit unlimited redistribution. > Is this a correct interpretation of what a "product derived" is? > yes > > If a person were to take a full OpenSSL distribution and > completely rewrite some source files, but not all source files, of which > libcrypto.a is composed, then compile and distribute the resulting > libraries libssl.a and libcrypto.a, would libssl.a be a > "redistribution", and would libcrypto.a be a "product derived" or a > "redistribution"? Both. If there's any openSSL code that makes up the resultant libssl.a or libcrypto.a, then the added code that this hypothetical person wrote would become part of the openssl toolkit, and thus subject to it's licensing. > In other words, would the person be able to > prohibit redistribution of their new libcrypto.a, even though > it utilizes some unmodified OpenSSL code, and is part of a complete > OpenSSL distribution? > No, they can only follow the redistribution terms that are in the openssl license, those terms are unrestricted, so the person's license would have to be unrestricted as well. You simply cannot redistribute openSSL code with your own code mixed in, and have part of the openssl distribution that you are sending out be under the openSSL license, and part of the redistribution subject to your own license. The grant of redistribution rights you get from the openSSl license do not permit you to do this. If you want to distribute a replacement libcrypto.a under your own license terms, you must write from scratch all files that are used to build the libcrypto.a you cannot take any existing openssl files and use them in the build of the libcrypto.a, then redistribute this under a restricted license, as the openssl license does not give you that right. The only way you can do what you want to do is distribute the part you write separately from the openssl part, and license your part under your terms, and the openssl part under it's terms, and have the end-users combine the parts to a single result. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]