
Re: OpenSSL and GPLed programs

On Sat, Jun 16, 2001 at 04:03:33PM +1000, Anthony Towns wrote:
> So, anyway, we've been looking into the "crypto-in-main" issue recently,
> and someone (actually someones, probably) mentioned that the OpenSSL has
> some problems, both patent related (it includes IDEA, and some other
> patented algorithms -- Red Hat gets around this by not compiling them
> into their libssl, for reference), and GPL-related. In particular, the
> OpenSSL license is probably not GPL compatible, due to both an explicit
> "You can't use this code under the GPL"-esque clause, and two or three
> obnoxious advertising clauses.
> This doesn't make OpenSSL non-free, but it does cause problems for a
> number of packages in the archive which both appear to be under the GPL,
> and which are linked against openssl. These are:

A friend has asked me to raise some points about this topic.

First of all, the "no relicensing" requirement has caused a lot of
confusion. This is due to a misunderstanding of the way copyright law
works. The important point is that code reuse does not involve
relicensing. When one writes a program using, deriving, or integrating
OpenSSL, he will gain copyright only to what he has written or
otherwise legally belongs to him. The copyright of OpenSSL will remain
with its authors.  Copyright law includes implicit protection against
code being "copied and put under another distribution license".

Now, it isn't implied that whatever derived work results from this
mesh of code will be legally distributable. That depends on the
compatibility of the licenses for the different pieces of code.

In summary, the clause:

 * The licence and distribution terms for any publically available version or   
 * derivative of this code cannot be changed.  i.e. this code cannot simply be  
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]

...is a no-op, as copyright law already implicitly provides it. This
clause does not cause much reason for concern.

Unfortunately, there's more. A few years ago, OpenSSL became
maintained by Tim Hudson and others. Their contributions are licensed
under the original BSD license, *with the advertising clause*. This
should be the major concern when attempting to use GPL'd code with
OpenSSL. Usually, special exceptions to the GPL are used by the
copyright holders of the GPL'd package to deal with this. This is a
legal necessity, and should be enforced on the relevant Debian
packages, removing them from the archive if their copyright holders
are unwilling or unable to grant these exceptions.

OpenSSL includes two algorithms that are patented in the United
States: IDEA and RC5. Apparently IDEA is nonessential and is often
omitted from distributions of OpenSSL. I'm not sure about RC5. Since
OpenSSL was written in Australia, there was not very much concern
about software patents. Both of these patents will take at least 10
years to expire.
