On Sat, Jun 16, 2001 at 04:03:33PM +1000, Anthony Towns wrote: > So, anyway, we've been looking into the "crypto-in-main" issue recently, > and someone (actually someones, probably) mentioned that the OpenSSL has > some problems, both patent related (it includes IDEA, and some other > patented algorithms -- Red Hat gets around this by not compiling them > into their libssl, for reference), and GPL-related. In particular, the > OpenSSL license is probably not GPL compatible, due to both an explicit > "You can't use this code under the GPL"-esque clause, and two or three > obnoxious advertising clauses. > > This doesn't make OpenSSL non-free, but it does cause problems for a > number of packages in the archive which both appear to be under the GPL, > and which are linked against openssl. These are: A friend as asked me to raise some points about this topic. First of all, the "no relicensing" requirement has caused a lot of confusion. This is due to a misunderstanding of the way copyright law works. The important point is that code reuse does not involve relicensing. When one writes a program using, deriving, or integrating OpenSSL, he will gain copyright only to what he has writen or otherwise legally belongs to him. The copyright of OpenSSL will remain with its authors. Copyright law includes implicit protection against code being "copied and put under another distribution license". Now, it isn't implied that whatever derived work results from this mesh of code will be legally distributable. That depends on the compatibility of the licenses for the different pieces of code. In summary, the clause: * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] ...is a no-op, as copyright law already implicity provides it. This clause does not cause much reason for concern. Unfortunately, there's more. A few years ago, OpenSSL became maintained by Tim Hudson and others. Their contributions are licensed under the original BSD license, *with the advertising clause*. This should be the major concern when attempting to use GPL'd code with OpenSSL. Usually, special exceptions to the GPL are used by the copyright holders of the GPL'd package to deal with this. This is a legal necessity, and should be enforced on the relevant Debian packages, removing them from the archive if their copyright holders are unwilling or unable to grant these exceptions. OpenSSL includes two alogrithms that are patented in the United States: IDEA and RC5. Apparently IDEA is nonessensial and is often omited from distributions of OpenSSL. I'm not sure about RC5. Since OpenSSL was written in Australia, there was not very much concern about software patents. Both of these patents will take at least 10 years to expire.
Attachment:
pgpzVLA6Vdwmn.pgp
Description: PGP signature