Jeroen Dekkers wrote: > You forget one of the big problems with OpenSSL that LibreSSL doesn't > fix: the license. It actually makes the mess even bigger, given that > some of the GPL exceptions only talk about "the OpenSSL library" and > don't exempt OpenSSL-derived code. So even if LibreSSL is a drop-in > for OpenSSL we can't replace OpenSSL with LibreSSL for those projects. Here for reference is a well-written and clear OpenSSL exception that allows linking with modified versions. "In addition, as a special exception, the Free Software Foundation gives permission to link the code of its release of Wget with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library) Here are a few that don't explicitly mention modified versions: In addition, as a special exception, the copyright holders give permission to link the code of this library and its programs with the OpenSSL library, and distribute linked combinations including the two. This program is released under the GPL v2 with the additional exemption that compiling, linking, and/or using OpenSSL is allowed. You may provide binary packages linked to the OpenSSL libraries, provided that all other requirements of the GPL are met. I am doubtful of an argument that says these licenses don't alow linking with a modified version of OpenSSL. After all, Debian links these programs with a modified version of OpenSSL already. We also don't call it OpenSSL, but libssl1.0.0. There is only a matter of degree between this and LibreSSL so far. Perhaps they'll end up rewriting the whole thing eventually, to the extent it could be argued it's not the same thing at all. If so, they'll own the copyright of the new thing, and can fix the obnoxious OpenSSL license. :P -- see shy jo
Attachment:
signature.asc
Description: Digital signature