[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

GPL exception for the OpenSSL library

Hi Richard!

	I have a question to ask of you, which involves exception
statements to the GNU General Public License.  It is slightly
complicated, so I will give you some background.

	Hewlett-Packard released a driver called the "HP OfficeJet Linux
Driver" which is packaged in the Debian GNU/Linux system as "hpoj"  A
description can be found at
	http://packages.debian.org/unstable/utils/hpoj.html

	Fortunately, HP was wise enough to license hpoj under the GNU
GPL.  Unfortunately, it is linked to the OpenSSL library (libcrypto)
which you and I know is GPL-incompatible.  This was reported to Debian
in http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=147430

	HP looked at the exception presented at in the FSF's GPL FAQ
http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs and decided
that it was too broad for their tastes.  They were afraid that if
someone were to link a library that was not OpenSSL from the OpenBSD
team, and their "OpenSSL" non-free; the exception statement would apply
to it.  Another developer, Renaud de Raison of Nessus, had the same
difficulty with the exception statement; and was also worried that
someone could hijack his GPLed software by using this exception
statement.

	On debian-legal, we ask if it is possible to use a GPL
compatible library, such as GNU TLS, but in both cases the authors
prefered to use OpenSSL as it fit their needs better.  

	HP went to its corporate attorney, and it drafted this exception
statement, presented on debian-legal@lists.debian.org (and archived at
http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00454.html)

  In addition, as a special exception, Hewlett-Packard Company
  gives permission to link the code of this program with any
  version of the OpenSSL library which is distributed under a
  license identical to that listed in the included COPYING.OpenSSL
  file, and distribute linked combinations including the two.
  You must obey the GNU General Public License in all respects
  for all of the code used other than OpenSSL.  If you modify
  this file, you may extend this exception to your version of the
  file, but you are not obligated to do so.  If you do not wish to
  do so, delete this exception statement from your version.

	Notice how it is very similar to the FSF approved statement.
The only difference is that the license of OpenSSL is bundled with the
Free software, and referenced in the exception, so it appears that no
proprietary hijacking can occur.

	My question is: do you think this license exception is
acceptable for use?  That is, does it prevent the proprietary hijacking
of the linked GPL-incompatible library?  Can you see any flaws in this?

	As well, if you believe this is a good exception statement,
perhaps you could revise the GPL FAQ in some manner to present a
generalised version of this statement as an alternative to the one you
currently provide?  I can see how this exception may be applicable and
useful for linking with non-OpenSSL works (that is Free Software that is
sadly GPL-incompatible.)

	Thank you for your input in this complicated manner.  I hope I
have not wasted any of your time.

Yours sincerely,
	Simon Law

c.c. debian-legal@lists.debian.org


-- 
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: