Jeroen Dekkers wrote:
> You forget one of the big problems with OpenSSL that LibreSSL doesn't
> fix: the license. It actually makes the mess even bigger, given that
> some of the GPL exceptions only talk about "the OpenSSL library" and
> don't exempt OpenSSL-derived code. So even if LibreSSL is a drop-in
> for OpenSSL we can't replace OpenSSL with LibreSSL for those projects.
Here for reference is a well-written and clear OpenSSL exception that
allows linking with modified versions.
"In addition, as a special exception, the Free Software Foundation
gives permission to link the code of its release of Wget with the
OpenSSL project's "OpenSSL" library (or with modified versions of it
that use the same license as the "OpenSSL" library)
Here are a few that don't explicitly mention modified versions:
In addition, as a special exception, the copyright holders give
permission to link the code of this library and its programs with the
OpenSSL library, and distribute linked combinations including the two.
This program is released under the GPL v2 with the additional exemption
that compiling, linking, and/or using OpenSSL is allowed. You may
provide binary packages linked to the OpenSSL libraries, provided that
all other requirements of the GPL are met.
I am doubtful of an argument that says these licenses don't alow linking
with a modified version of OpenSSL. After all, Debian links these programs
with a modified version of OpenSSL already. We also don't call it OpenSSL,
but libssl1.0.0. There is only a matter of degree between this and LibreSSL
so far.
Perhaps they'll end up rewriting the whole thing eventually, to the extent
it could be argued it's not the same thing at all. If so, they'll own the
copyright of the new thing, and can fix the obnoxious OpenSSL license. :P
--
see shy jo
Attachment:
signature.asc
Description: Digital signature