Re: Bug#147430: hpoj: Linking against OpenSSL licensing modification (GPL)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 22 May 2002 10:40, PASCHAL,DAVID (HP-Roseville,ex1) wrote:
> Mark Purcell wrote:
> > OpenSSL (libcrypto) which maybe precluded under the
> > GPL, unless the hpoj licensing terms include a disclamer:
> > http://www.openssl.org/support/faq.html#LEGAL2
> Hi, Mark. While I don't object to linking with OpenSSL in the manner it's
> currently done with hpoj (to satistify a libsnmp dependency, where OpenSSL
> doesn't actually have any linkages into the hpoj code), I'm concerned that
> the suggested exception statement is overly broad, because it doesn't
> sufficiently define exactly what "OpenSSL" is.
Hi David,
I took that suggestion straight from the OpenSSL webpage. I would be happy
for you to define OpenSSL as you see fit. I guess you could say something
along the lines of 'as found at http://www.openssl.org' or give a specific
library version number and soname. It's really up to HP, and you as their
agent, as the HPOJ copyright holder.
> For example, what if
> somebody wrote some proprietary code, called it "OpenSSL" (even if it had
> nothing to do with what you and I know to be "OpenSSL"), and linked it
> extensively with hpoj code, effectively treating hpoj as if it were LGPL?
> Although that might seem far-fetched, I have to look out for such
> possibilities, ....
Oh I agree totally. This is about maintaining your intent as this is your
software. However by the letter of the GPL no one is currently allowed to
link OpenSSL with hpoj as OpenSSL is not GPL compatible, to allow such
linking requires express excemption from yourself. Debian is tightening up on
packages which have these linkages to ensure that the original copyright
conditions are maintained. Either way HPOJ will remain in Debian, it's just
up to you as the HPOJ author if we link to OpenSSL or not.
> What is the source of GPL incompatibility with OpenSSL in the first place?
> Is it patent-encumbered code (which I would expect Debian to disable) or
> the old-BSD-style-license "advertising clause"?
You are right we have disabled the patent-encumbered code, otherwise OpenSSL
wouldn't be in Debian at all!!
According to http://www.openssl.org/support/faq.html#LEGAL2
'Some GPL software copyright holders claim that you infringe on their rights
if you use OpenSSL with their software on operating systems that don't
normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it useful
to choose an other license than the GPL, or state explicitly that "This
program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using GPL
software developed by others, you may want to ask the copyright holder for
permission to use their software with OpenSSL.'
We had a fairly long discussion and determined that Debian 'doesn't normally
include OpenSSL' so we are covered by the condition above.
Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE863ploCzanz0IthIRAnMdAKCRHKss7sMyJzACDnxm7z8obsoFFACgjUlR
g3t4CEooC/KIKn+vJjMk9tw=
=9rhH
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: