On Sat, 2021-12-11 at 13:58 +0100, Matthias Andree wrote: > Greetings, > > I am seeking clarification on licensing, judging from OpenVPN 2.5.X > (meaning latest 2.5). > > 1. mbedTLS licensing compatibility. AFAICS, mbedTLS is currently > under dual Apache License 2.0 and GPLv2, > https://tls.mbed.org/download - while OpenVPN is under GPLv2-only > license (not the "or any later version") clause, as of 2.5.4, where > the mbedTLS future license will be Apache License 2.0 only - this > will be incompatible with GPLv2 but not GPLv3. > https://www.gnu.org/licenses/license-list#apache2
Actually, this isn't a correct analysis: the gnu.org statement above covers the case where code is integrated into the work, not the case where the code forms part of a system library. GPL contains a specific exception in section 3 for system libraries, meaning if you link a GPL covered work with them, they don't also come under the terms of GPL. That's how GPL programs can get linked with proprietary C libraries, for instance, as that was the original use case for GNU tools before Linux came along. However, the system exception doesn't save you where the Library itself imposes conditions on the work it links with; then you get an incompatibility you need an exception in the work for. The Apache licence doesn't do this, so linking openvpn with mbedTLS will be fine even after it transitions to Apache-2.0. The problematic licence was the old openssl one because it imposed an advertising requirement on the combined work which then becomes incompatible with GPL. James _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
