----- Original Message ----- 
From: "Ryan Shon" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Tuesday, August 22, 2006 12:07 PM
Subject: related license question


> Thank you for the clarification.  What you have said
> makes sense, but I am still a little unclear on what
> is meant by "redistribution" and "products derived from [OpenSSL]".
> 

redistribution means distribution by someone other than the
copyright holder.

> Presumably, a program, e.g. a web browser, could be written
> which uses OpenSSL (whether through linking to the libraries or
> by including actual pieces of OpenSSL code), and this browser
> would not have to be licensed under the OpenSSL license. 

correct as long as the license on the browser does not deviate from the
distribution terms that are in openssl, gives copyright attribution, etc.

> This would
> be a "product derived from OpenSSL",

yes

> and users could be forbidden to 
> redistribute the browser in source or binary forms.

no, not possible.  The reason is that the openssl license
distribution terms permit unrestricted redistribution in source or binary
forms and since the new license must follow the distribution terms in
the openssl license to be compliant, the new license must
permit unlimited redistribution.
 
> Is this a correct interpretation of what a "product derived" is?
> 

yes

> 
> If a person were to take a full OpenSSL distribution and
> completely rewrite some source files, but not all source files, of which
> libcrypto.a is composed, then compile and distribute the resulting
> libraries libssl.a and libcrypto.a, would libssl.a be a
> "redistribution", and would libcrypto.a be a "product derived" or a 
> "redistribution"?

Both.  If there's any openSSL code that makes up the resultant
libssl.a or libcrypto.a, then the added code that this hypothetical
person wrote would become part of the openssl toolkit, and
thus subject to it's licensing.

> In other words, would the person be able to
> prohibit redistribution of their new libcrypto.a, even though
> it utilizes some unmodified OpenSSL code, and is part of a complete
> OpenSSL distribution?
> 

No, they can only follow the redistribution terms that are in
the openssl license, those terms are unrestricted, so the person's
license would have to be unrestricted as well.

You simply cannot redistribute openSSL code with your
own code mixed in, and have part of the openssl distribution
that you are sending out be under the openSSL license, and
part of the redistribution subject to your own license.  The
grant of redistribution rights you get from the openSSl license
do not permit you to do this.

If you want to distribute a replacement libcrypto.a under your
own license terms, you must write from scratch all files that
are used to build the libcrypto.a you cannot take any existing
openssl files and use them in the build of the libcrypto.a,
then redistribute this under a restricted license, as the openssl
license does not give you that right.

The only way you can do what you want to do is distribute
the part you write separately from the openssl part, and license
your part under your terms, and the openssl part under it's
terms, and have the end-users combine the parts to a single
result.

Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to