
OpenSSL and GPLed programs



Hello world,

So, anyway, we've been looking into the "crypto-in-main" issue recently,
and someone (actually someones, probably) mentioned that the OpenSSL has
some problems, both patent related (it includes IDEA, and some other
patented algorithms -- Red Hat gets around this by not compiling them
into their libssl, for reference), and GPL-related. In particular, the
OpenSSL license is probably not GPL compatible, due to both an explicit
"You can't use this code under the GPL"-esque clause, and two or three
obnoxious advertising clauses.

This doesn't make OpenSSL non-free, but it does cause problems for a
number of packages in the archive which both appear to be under the GPL,
and which are linked against openssl. These are:

    althea          fetchmail-ssl   isync           lynx-ssl        stone-ssl
    apache-ssl      freeswan        kdebase-crypto  mailsync        stunnel
    cadaver         gabber-ssl      kdelibs-crypto  pavuk           tinc
    courier-ssl     gnustep-base    libpam-heimdal  postal          tunnelv
    ddt             integrit        libssrp         ssh-nonfree     vtun

For a couple of these (notably apache-ssl and ssh-nonfree) the GPL portions
are pretty much separable from the main code (ie, the Debianization diffs in
the former, an extra script in the latter).

Probably, we should contact the authors of these packages and get
exception clauses where possible. Otherwise, we probably need to
remove many of them from the archive. Note that the exception for stuff
"distributed with the major components of the operating system" doesn't
apply if we distribute both the executable and the library in Debian.
It probably does apply for third-parties, though, fwiw.

There's comments on this on the OpenSSL FAQ at
  http://www.openssl.org/support/faq.html#LEGAL2

There's also a brief comment about BSDish advertising clauses on the
FSF site.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
                      -- John S. Novak, III (The Humblest Man on the Net)
