----- Original Message ----- From: "David Schwartz" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Saturday, September 02, 2006 5:22 AM Subject: RE: license question
> > > > I wholeheartedly disagree. You cannot violate the OpenSSL > > > license by using > > > OpenSSL. > > > > > > The end user is not creating a derivative work because he is > > > not creating a > > > work at all. For copyright purposes, you only create a work when you add > > > creative input. Compiling and linking is not a creative process. > > > This is licensing terms we are talking about here, not copyright terms, > > which are an entirely separate and different thing. > > Umm, no. We are talking about whether the license *covers* a particular act > or not, not what the license says about that act. The scope of the license > is set by copyright law, Copyright law gives the copyright holder almost unlimited power to control distribution of the copyrighted work - until the copyright expires, that is. About the only thing a copyright holder can't do is force a user of his work to do something illegal. But, if for example, a songwriter decides that the only way your going to be able to listen to his copyrighted work is to pay him then paint yourself green and stand on your head while he plays it, well then better get the paintbrush. What kind of relief are you looking for, exactly, from copyright law, for any rediculous or silly requirement that a copyright holder wants to put into a license? Adn please, don't waste time quoting fair use, if fair use was really observed then the news organizations wouldn't be chasing after people they interview all the time to get them to sign releases. It is very rare that a court upholds fair use on copyrighted material, at least in the United States. Hell, you can't even put a 1 minute partial section of a song track on a website these days under fair use without the RIAA jumping all over you. > not by the license itself. The license can only > restrict an action that copyright law gives a copyright holder the right to > restrict. > And since copyright law gives the copyright holder unlimited authority to control use and distribution, what is the point? > For example, if the OpenSSL license said that if you ever downloaded a copy > of OpenSSL, you had to pay the authors $1,000,000, this would not be valid. Huh? I think the people that run itunes would beg to disagree. > It would only be valid if the license were the only way to get the right or > ability to download a copy of OpenSSL. > not correct. I think you need to rework this example, obviously you have some point buried in there your trying to make. > Since nobody formally agrees to, clicks on, or otherwise assents to the > OpenSSL license, the OpenSSL license only applies to you when you choose to > accept it. Of course, should you not choose to accept it and then do > something copyright law prohibits you from doing, you are violating > copyright law. (Read this over a few times until you get it. This is the > crux right here.) > Ah, that argument. You aren't the first person to think up that one. As far as whether software licenses apply whether or not someone agrees to the license in writing, or by clicking, or by opening the shrink wrap, well that is still an open question. There's been plenty of infringment lawsuits in the past in the software industry where the accused has made a similar claim. Unfortunately, in the US they all seem to get settled out of court. The software industry really does not want shrink wrap licensing tested in court, and that includes the FSF - who has bent over backwards to prevent it's precious GNU license tested in US court. In other countries where the courts are less sympathetic to the copyright holder, there have been some case law created. Like in Germany for example. But, I invite you to go infringe a software license in the US, get the copyright holder to come after you, then try this argument out in an US court and see how far it gets. You can start out with an OEM license, load that on another piece of hardware, then get the holder to sue you. I'd love to see those ruled invalid. But until someone has the nuts to do this in the US, your not going to find many users with much of value who are vulnerable to being bled dry by legal action in the US, to take this approach. So while it might have merit in a theoretical discussion, it is useless in practicality, at least in corporate America. > It is essentially impossible to violate the OpenSSL license. If you > disribute OpenSSL in violation of its license, you are violating copyright > law. This is because copyright law restricts the distribution of covered > works and you have no license. If you are not complying with the terms of > the license, you just don't get the *additional* rights the license gives > you. But you still have the rights under first sale, fair use, scenes a > fair, and so on. > > Again, just to be 100% clear -- the only way you could "violate the OpenSSL > license" would be to do something that copyright law prohibited you from > doing without complying with the OpenSSL license. So before we can even ask > if you complied with the OpenSSL license, we have to ask whether you did > something copyright law prohibits you from doing. > > > From the license: > > > > "...Redistribution AND USE in source..." > > > > "This LIBRARY is free for commercial and non-commercial USE as long as > > the following conditions..." > > This doesn't matter because the license cannot set its own scope. One has, > under copyright law, the right to *use* any work one has lawfully acquired. > If you think about it, this must be so. Otherwise, I could drop copies of my > poem from an airplane and then sue anyone who read it without complying with > my license terms. You don't "license" poems so that does not apply. You have also chosen a distribution mechanism - dropping from the plane - that you have an inherent inability to control the use of the material. So, for the first use at least - the initial read of the poem - while you could sue, you wouldn't win. But, you could certainly sue, and win, if someone reprinted the poem. I am in agreement with you that the idea that software should be even PERMITTED to be licensed in the first place is fucking stupid, and should never have been permitted in the first place. But the realities of what people are doing today in the industry are that at least in the united states, the industry is arguing that software is considered a device, thus patentable, not an expression. And so far, nobody with money has stood up to fight that all the way to the US Supreme Court, even though there's a lot of bad law, like the DMCA that is institutionalizing it. > Otherwise, I could buy a book that contained a clause > inside the cover that I couldn't read it on weekdays. > > If you read copyright law, you will see that the right to *use* a work is > *not* one of the rights reserved to the copyright holder. So the OpenSSL > license can't restrict the *use* of a work any more than it can restrict > breathing. > Thus, the reason that industry is pushing for software licenses to be considered to apply automatically. And they are gradually getting it. > > When you link in your own code, it becomes part of the library, thus part > > of OpenSSL. If you don't apply all the license terms to your code, when > > you are licensing it to yourself to use for yourself, you are > > violating the > > license. Of course, nobody cares because your not redistributing it. > > The OpenSSL license is not a click-through or shrink-wrap license. There is > no way you can argue that a person agreed to the license merely by using > OpenSSL. You cannot violate a pure license by using a work. (You can violate > an EULA, shrink-wrap, or click-through agreement. But the OpenSSL license is > none of those.) > Tell that to the FSF. > To the extent that the OpenSSL license purports to limit the ordinary use > of a covered work, it simply means that those acts do not grant you the > additional rights the license grants you. But you don't need to get the > right to use it from the license, you automatically have that by having > lawfully acquired the work. > > > There are many funny licensing clauses that appear nonsensical to the > > layman but are perfectly logical. The SSLeay and OpenSSL license is > > an extremely sloppy and poorly defined document because the people > > who wrote it were under the misguided assumption that good legal > > documentation is simple. This is an assumption that is shared by much > > of the general public, of course, because most people are stupid and > > want to believe that the rest of the world is comprised of simpletons, > > it makes them feel better. In reality, good, defendable legal > > documentation > > is > > very explicit and spells everything out, that is why it's so long, it does > > not make a bunch of assumptions. > > It doesn't matter. We're talking purely about the scope of the license. The > license cannot expand its own scope, only reduce it. A pure copyright > license like OpenSSL's, the BSD license, or the GPL *cannot* restrict use. > It does not have that power under copyright law. (17 USC 109) > Then please get Microsoft to sue you when you use an OEM version on a new hardware PC, make that argument in court, and get it invalidated. Until then I say your full of baloney. Maybe tasty baloney, but baloney nevertheless. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
