[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: licensing confusion

On Fri, Mar 05, 2004 at 03:49:10PM -0500, Andres Salomon scribbled:
> >> PHP is definitely not "mixed" (I assume you mean linked against) with
> >> GPL'd software.  Looking at the things PHP links against, all libraries
> >> are either LGPL'd or fall under some other license (even libbz2-1.0, whose
> > look at php4-gd (PHP license)- links against libfreetype6 (GPL/FTL with the 
> > latter being incompatible with GPL)
> > 
> Note that it is dual licensed; you may pick the license you choose to
> use.  Obviously, we don't choose the GPL, since it is incompatible w/ the
> PHP license.  So, we stick with the FTL.  It is true that the FTL is
> incompatible w/ the GPL, but since PHP isn't (hopefully ;) linking against
> anything that is GPL'd, we should be safe.  Of course, debian-legal exists
> to scrutinize such issues.  Linking against libfreetype should be safe.
yeah, it probably is. And the whole situation is a proof that all those
licenses make no sense at all since you can work around them in so many ways
- by dual-licensing, by creating layers of wrappers that are GPL-compatible,
by using non-linked proxy code (via IPC or Unix sockets). All that mess is
simply unnecessary bothering the developer(s) :)

> >> That run-on sentence is making my brain hurt.  One generally provides
> >> an
> > I'm sorry, English is not my native language. I hope that this fact
> > doesn't offend you.
> > 
> I didn't mean to sound condescending, I was implying that I couldn't
> understand the question.
That's ok, the whole matter is far from being clear. Everybody is using
terms in their licenses which have no clear definition (derived works,
linking) - everybody can argue as to their meaning till they're blue on
their faces, and nothing good results from it. Tough :)

> > Since it seems so easy to you, I would welcome any advice regarding
> > http://caudium.net/ and OpenSSL. The former is derived from Roxen
> > WebServer 1.3, whose copyright belongs to RIS (http://roxen.com/) which
> > company doesn't care about the old software and ignored all the attempts
> > to request copyright transfer to the Caudium Group. I'm sure you will
> > know the answer to that question and I'm grateful for it in advance,
> > 
> How much code in Caudium is from RIS?  It may be easier to simply rip out
Hm, I would say that, at this point, around 50-60%.

> those portions of the code, and rewrite it.  Otherwise, you can attempt
That's the plan for version 2 - starting from scratch with a totally
different project based on the experience and ideas from the old one. But we
still will have to maintain the old code, since that was the reason we
forked the project - and we have to keep our promisses.

> contacting RIS through other channels.  Without their explicit permission,
> however, you're pretty much stuck.
We contacted their lawyers, the company itself - all our inquiries remained
without any answer. It seems it's a waste of time trying to achieve anything
with them.

> Of course, there are alternatives to OpenSSL.  It may make the most sense
Yep, we're aware of them. The thing is we already have the OpenSSL glue for
Pike, so it would seem wise to reuse what was written saving on time (which
is a scarce resource, as always...)

> to simply use GNUTLS.  I'm not sure whether there exists an OpenSSL
> compatible API for GNUTLS, but its would be worth researching if you can't
There is one, albeit somebody who examined it claimed that it wasn't a very
interesting thing to use. One of the other alternatives is cryptlib [1],
whose license and terms are discussed on debian-legal (and debian-devel, as
you have probably noticed :)) now, since their usage
terms and the license clause #3 seem to raise doubts [2].

> get OpenSSL permission.  It helps to explain the various license issues
> with upstream, so that they can help do whatever is deemed necessary.
We've been over it with them for years... Generally, it's a sick situation -
we are the only Caudium/Roxen 1.3 upstream right now. They don't care about
the code (it's practically abandonware), so we suggested transferring the
copyright to us under the clause that we will not create commercial
competition for them (they sell Roxen as part of their Platform product -
see http://roxen.com/). As reasonable as it might seem, we never received
any answer. 



[1] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
[2] http://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html

Attachment: signature.asc
Description: Digital signature

Reply to: