[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl and GPL

On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote:
> Hello,

> I am still a bit confused as to the problems with
> linking GPL code with OPENSSL. I don't intend to start
> any flame wars...

> Please send CCs to me. Thanks.

> If there is somewhere I can find this information, URLs
> would be appreciated.

> 1. What is the problem? I have read the GPL, and cannot recall the
> problem. According to the top of /usr/doc/openssl/copyright,
> openssl has a dual BSD style license. I haven't heard of problems
> linking GPL code with BSD code before. So why is this different?

There have always been problems linking GPL code with BSD code, so long
as the GPL has existed.  Only code licensed under the new,
recently revised BSD license can be linked with GPL code.  OpenSSL 
doesn't use such a new-style BSD license.

> 2. Is <URL:http://www.openssl.org/support/faq.html#LEGAL> wrong? ie.
> "the GPL does not place restrictions on using libraries that are part of
> the normal operating system distribution".

The actual wording of the GPL in this regard is

  The source code for a work means the preferred form of the work for
  making modifications to it.  For an executable work, complete source
  code means all the source code for all modules it contains, plus any
  associated interface definition files, plus the scripts used to
  control compilation and installation of the executable.  However, as a
  special exception, the source code distributed need not include
  anything that is normally distributed (in either source or binary
  form) with the major components (compiler, kernel, and so on) of the
  operating system on which the executable runs, unless that component
  itself accompanies the executable.

The current interpretation of this accepted by Debian, which I've been
unable to find fault with, is that if your operating system comes with
OpenSSL, it's ok to link *third-party* GPLed works against it; but if
you distribute a GPLed work together with the libraries it depends on,
even as part of an OS distribution (such as Debian), then those
libraries must all be licensed in a manner that's compatible with the

> I normally like the GPL, but I find it a bit irratating that I can't
> take some GPL program, and link it against Heimdal (which happens to
> be linked against OpenSSL), without express permission from all the
> copyright holders of the GPL software. In fact, I would argue that this
> goes against the goals of the GPL.

The goals of the GPL are to ensure the greatest net level of software
freedom, by trading certain user freedoms (unlimited use of the source
code) for others (guaranteed availability of the source code of derived
works).  As such, I don't think it's ever in conflict with the goals of
the GPL to prevent linking with code that doesn't provide users with the
same set of freedoms that the GPL itself does (or a superset thereof).
You may argue that you place greater value on the freedoms that
BSD-style licenses give you, but by virtue of the advertising clause,
the OpenSSL license nevertheless lacks one freedom that the GPL insists
on; and as such, it's incompatible.

Given the long history of the GPL as a license, and the fact that it has
undergone revisions in the past, I think it's awkward to argue that it
doesn't really say what its authors meant for it to say.  Rather, I see
the GPL as a principal source of insight into the goals of its authors.

Steve Langasek
postmodern programmer

Attachment: pgpwIHt6A0miC.pgp
Description: PGP signature

Reply to: