[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH] License exception for OpenSSL (was Re: Linking Nessus with OpenSSL)

On 24 May 2002, Jeff Licquia wrote:
> Simon Law wrote:
> > 	If that doesn't work, could we say that the OpenSSL library can
> > only be used for SSL support only?
> For a given definition of "SSL support"? :-)
> It seems to me that the best way forward is to restrict the exact
> behavior we want to restrict.  So, for example, the OpenSSL exception
> could be written to say something like "you may distribute code in
> binary form linked against any OpenSSL library binary for which you
> provide complete source" or whatever; sort of a "mini-GPL" for
> third-party libraries.  You'd probably want to spell out exactly what
> constitutes "providing source" for OpenSSL.
> This still allows evil people to write code with arbitrary restrictions
> and link it into OpenSSL, but since they have to distribute the source
> to their modified OpenSSL library when linking it to Nessus,
> reverse-engineering the changes to OpenSSL for inclusion into Nessus
> proper should be a piece of cake.  The only case where this might be a
> problem is if the OpenSSL people themselves go evil on us, in which case
> we probably want to rethink the exception anyway and/or not link against
> newer "evil" versions of OpenSSL.
> Also, be sure to allow third-parties to drop this exception if they
> want, to preserve compatibility with straight-GPL code.

	Reading through the license exception again, we only need to
worry if the OpenSSL folks get nasty on us.  This is because modified
versions of OpenSSL must use the same license as OpenSSL (four-clause BSD
with OpenSSL advertising.)  So, to protect us from nasty OpenSSL folks,
might we need to put in a condition that it be free software?

	I've attached a suggested modification below.  Comments?


    In addition, as a special exception, Renaud Deraison gives
    permission to link the code of this program with the OpenSSL
    library (or with modified versions of OpenSSL that use the same
    license as OpenSSL) if and only if this library is classified as
    free software by the Debian Free Software Guidelines included
    with this program, and distribute linked combinations including
    this program and OpenSSL.  You must obey the GNU General Public
    License in all respects for all of the code used other than
    OpenSSL.  If you modify this file, you may extend this exception
    to your version of the file, but you are not obligated to do so.
    If you do not wish to do so, delete this exception statement from
    your version.
    1.  Free Redistribution 
    The license of a Debian component may not restrict any party from
    selling or giving away the software as a component of an
    aggregate software distribution containing programs from several
    different sources. The license may not require a royalty or other
    fee for such sale.
    2.  Source Code 
    The program must include source code, and must allow distribution
    in source code as well as compiled form.
    3.  Derived Works 
    The license must allow modifications and derived works, and must
    allow them to be distributed under the same terms as the license
    of the original software.
    4.  Integrity of The Author's Source Code 
    The license may restrict source-code from being distributed in
    modified form _only_ if the license allows the distribution of
    "patch files" with the source code for the purpose of modifying
    the program at build time.  The license must explicitly permit
    distribution of software built from modified source code. The
    license may require derived works to carry a different name or
    version number from the original software. (This is a compromise.
    The Debian group encourages all authors not to restrict any
    files, source or binary, from being modified.)
    5.  No Discrimination Against Persons or Groups 
    The license must not discriminate against any person or group of
    6.  No Discrimination Against Fields of Endeavor 
    The license must not restrict anyone from making use of the
    program in a specific field of endeavor. For example, it may not
    restrict the program from being used in a business, or from being
    used for genetic research.
    7.  Distribution of License 
    The rights attached to the program must apply to all to whom the
    program is redistributed without the need for execution of an
    additional license by those parties.
    8.  License Must Not Be Specific to Debian 
    The rights attached to the program must not depend on the
    program's being part of a Debian system. If the program is
    extracted from Debian and used or distributed without Debian but
    otherwise within the terms of the program's license, all parties
    to whom the program is redistributed should have the same rights
    as those that are granted in conjunction with the Debian system.
    9.  License Must Not Contaminate Other Software 
    The license must not place restrictions on other software that is
    distributed along with the licensed software. For example, the
    license must not insist that all other programs distributed on
    the same medium must be free software.
    10. Example Licenses 
    The "GPL", "BSD", and "Artistic" licenses are examples of
    licenses that we consider "free". 

To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: