On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote: > Hello, > I am still a bit confused as to the problems with > linking GPL code with OPENSSL. I don't intend to start > any flame wars... > Please send CCs to me. Thanks. > If there is somewhere I can find this information, URLs > would be appreciated. > 1. What is the problem? I have read the GPL, and cannot recall the > problem. According to the top of /usr/doc/openssl/copyright, > openssl has a dual BSD style license. I haven't heard of problems > linking GPL code with BSD code before. So why is this different? There have always been problems linking GPL code with BSD code, so long as the GPL has existed. Only code licensed under the new, recently revised BSD license can be linked with GPL code. OpenSSL doesn't use such a new-style BSD license. > 2. Is <URL:http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. > "the GPL does not place restrictions on using libraries that are part of > the normal operating system distribution". The actual wording of the GPL in this regard is The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. The current interpretation of this accepted by Debian, which I've been unable to find fault with, is that if your operating system comes with OpenSSL, it's ok to link *third-party* GPLed works against it; but if you distribute a GPLed work together with the libraries it depends on, even as part of an OS distribution (such as Debian), then those libraries must all be licensed in a manner that's compatible with the GPL. > I normally like the GPL, but I find it a bit irratating that I can't > take some GPL program, and link it against Heimdal (which happens to > be linked against OpenSSL), without express permission from all the > copyright holders of the GPL software. In fact, I would argue that this > goes against the goals of the GPL. The goals of the GPL are to ensure the greatest net level of software freedom, by trading certain user freedoms (unlimited use of the source code) for others (guaranteed availability of the source code of derived works). As such, I don't think it's ever in conflict with the goals of the GPL to prevent linking with code that doesn't provide users with the same set of freedoms that the GPL itself does (or a superset thereof). You may argue that you place greater value on the freedoms that BSD-style licenses give you, but by virtue of the advertising clause, the OpenSSL license nevertheless lacks one freedom that the GPL insists on; and as such, it's incompatible. Given the long history of the GPL as a license, and the fact that it has undergone revisions in the past, I think it's awkward to argue that it doesn't really say what its authors meant for it to say. Rather, I see the GPL as a principal source of insight into the goals of its authors. :) Steve Langasek postmodern programmer
Attachment:
pgpwIHt6A0miC.pgp
Description: PGP signature