<std not-a-lawyer disclaimer> If it's contributed to, and distributed as a part of, a project, the most common-sense interpretation of intent would be that the contributor intended that the contributed code be distributed under the same license as the remainder of the project. While a formal conveyance of copyright likely does not exist (meaning there's no written statement transferring ownership of the copyright to the OpenSSL project), that simply means that it cannot be simply re-licensed by the OpenSSL project to put it under more restrictive -- or more lax -- conditions.
The entire body of source code which makes up OpenSSL and is distributed as OpenSSL, btw, might fall under the "compilation copyright" rules. My understanding of those rules (which govern things like phone books, dictionaries, databases, and anything else that sources from multiple places and publishes as a conglomerate) is that you cannot take something from a compilation and use it under any license except that which you obtained from the compilation. (If you receive it independently from the original author, you can use it under the license terms you negotiate with the original author. But, OpenSSL cannot claim anything other than "it is distributed with and by virtue of the license that OpenSSL was granted by the contributor" -- and without permission of the original contributor cannot change that license.) This license is not GPL-compatible. This means that anything you put non-GPL-compatible code into along with GPL-licensed code, you cannot legally distribute. (This is documented on the GNU license compatibility chart.) This license has a clause which requires advertising any portion of code's presence. It is not good-faith if you ask what license terms something is distributed under, are told to look at the license that accompanies the distribution, and choose not to read the plain language of the license. Barring the original author's explicit statement otherwise, the blanket license it is distributed with is the only sensible license to treat it with. Now, I am not a lawyer, and I am not a member of the OpenSSL core team, and I cannot state anything on their behalf, either individually or collectively. These are my opinions only. If you feel you need legal advice, contact an attorney -- I'd suggest that the field of specialization you're looking for is probably "intellectual property". I cannot give legal advice, and I don't particularly want to try. -Kyle H On Dec 21, 2007 10:18 PM, Joshua Juran <[EMAIL PROTECTED]> wrote: > On Dec 3, 2007, at 12:33 AM, Kyle Hamilton wrote: > > > My understanding is that the terms of the OpenSSL license dictate what > > license you can use the files under, unless otherwise marked. It is a > > modified classic-BSD (with advertising clause) license. > > Clearly, if I release a program linked with OpenSSL Toolkit, it's > acceptable to use Randomizer.cpp under the same terms. But that is > not my question. I'm asking about using Randomizer.cpp in isolation. > > It would also be fair to argue that I'm entitled to distribute > Randomizer.cpp without the OpenSSL Toolkit under the same terms. But > I don't wish to do so, because that would require me to make false > statements in a copyright notice: > > * 6. Redistributions of any form whatsoever must retain the following > * acknowledgment: > * "This product includes software developed by the OpenSSL Project > * for use in the OpenSSL Toolkit (http://www.openssl.org/)" > > * This product includes cryptographic software written by Eric Young > * ([EMAIL PROTECTED]). This product includes software written by Tim > * Hudson ([EMAIL PROTECTED]). > > To my knowledge, Randomizer.cpp was not developed by the OpenSSL > Project, and does not contain cryptographic software written by > either Eric Young or Tim Hudson. Without any supporting evidence, > I'm not willing to make these statements, nor can I see how a > requirement to do so could be legally enforceable. > > It would be quite another thing if Randomizer.cpp included its own > advertising clause with respect to Roy Wood, but it doesn't. > > Barring any objections from the copyright holder(s), I will in good > faith construe Randomizer.cpp's license as being the same as > OpenSSL's license except with the false advertising clauses removed, > and consequently, compatible with the GNU GPL. > > Josh > > > > On Dec 1, 2007 5:39 PM, Joshua Juran <[EMAIL PROTECTED]> wrote: > >> Hello, > >> > >> I'm developing a unix-like environment for traditional Mac OS, and > >> I'd like to use Roy Wood's randomizer code (packaged in OpenSSL) to > >> implement /dev/random. However, the code in question > >> (Randomizer.cpp) contains no copyright notice or license, and my > >> email to [EMAIL PROTECTED] bounced. > >> > >> Does anyone know either under what terms I may use the code, or how > >> to contact Roy Wood? > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
