[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

OpenSSL and GPLed programs

Hello world,

So, anyway, we've been looking into the "crypto-in-main" issue recently,
and someone (actually someones, probably) mentioned that the OpenSSL has
some problems, both patent related (it includes IDEA, and some other
patented algorithms -- Red Hat gets around this by not compiling them
into their libssl, for reference), and GPL-related. In particular, the
OpenSSL license is probably not GPL compatible, due to both an explicit
"You can't use this code under the GPL"-esque clause, and two or three
obnoxious advertising clauses.

This doesn't make OpenSSL non-free, but it does cause problems for a
number of packages in the archive which both appear to be under the GPL,
and which are linked against openssl. These are:

    althea          fetchmail-ssl   isync           lynx-ssl        stone-ssl
    apache-ssl      freeswan        kdebase-crypto  mailsync        stunnel
    cadaver         gabber-ssl      kdelibs-crypto  pavuk           tinc
    courier-ssl     gnustep-base    libpam-heimdal  postal          tunnelv
    ddt             integrit        libssrp         ssh-nonfree     vtun

For a couple of these (notably apache-ssl and ssh-nonfree) the GPL portions
are pretty much seprable from the main code (ie, the Debianization diffs in
the former, an extra script in the latter).

Probably, we should contact the authors of these packages and get
exception clauses where possible. Otherwise, we probably need to
remove many of them from the archive. Note that the exception for stuff
"distributed with the major components of the operating system" doesn't
apply if we distribute both the executable and the libarary in Debian.
It probably does apply for third-parties, though, fwiw.

There's comments on this on the OpenSSL FAQ at

There's also a brief comment about BSDish advertising clauses on the
FSF site.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
                      -- John S. Novak, III (The Humblest Man on the Net)

Attachment: pgporCD5Y_0lx.pgp
Description: PGP signature

Reply to: