Re: [PATCH] License exception for OpenSSL (was Re: Linking Nessus with OpenSSL)
On 24 May 2002, Jeff Licquia wrote:
> Simon Law wrote:
> > If that doesn't work, could we say that the OpenSSL library can
> > only be used for SSL support only?
> For a given definition of "SSL support"? :-)
> It seems to me that the best way forward is to restrict the exact
> behavior we want to restrict. So, for example, the OpenSSL exception
> could be written to say something like "you may distribute code in
> binary form linked against any OpenSSL library binary for which you
> provide complete source" or whatever; sort of a "mini-GPL" for
> third-party libraries. You'd probably want to spell out exactly what
> constitutes "providing source" for OpenSSL.
> This still allows evil people to write code with arbitrary restrictions
> and link it into OpenSSL, but since they have to distribute the source
> to their modified OpenSSL library when linking it to Nessus,
> reverse-engineering the changes to OpenSSL for inclusion into Nessus
> proper should be a piece of cake. The only case where this might be a
> problem is if the OpenSSL people themselves go evil on us, in which case
> we probably want to rethink the exception anyway and/or not link against
> newer "evil" versions of OpenSSL.
> Also, be sure to allow third-parties to drop this exception if they
> want, to preserve compatibility with straight-GPL code.
Reading through the license exception again, we only need to
worry if the OpenSSL folks get nasty on us. This is because modified
versions of OpenSSL must use the same license as OpenSSL (four-clause BSD
with OpenSSL advertising.) So, to protect us from nasty OpenSSL folks,
might we need to put in a condition that it be free software?
I've attached a suggested modification below. Comments?
In addition, as a special exception, Renaud Deraison gives
permission to link the code of this program with the OpenSSL
library (or with modified versions of OpenSSL that use the same
license as OpenSSL) if and only if this library is classified as
free software by the Debian Free Software Guidelines included
with this program, and distribute linked combinations including
this program and OpenSSL. You must obey the GNU General Public
License in all respects for all of the code used other than
OpenSSL. If you modify this file, you may extend this exception
to your version of the file, but you are not obligated to do so.
If you do not wish to do so, delete this exception statement from
THE DEBIAN FREE SOFTWARE GUIDELINES (DFSG)
1. Free Redistribution
The license of a Debian component may not restrict any party from
selling or giving away the software as a component of an
aggregate software distribution containing programs from several
different sources. The license may not require a royalty or other
fee for such sale.
2. Source Code
The program must include source code, and must allow distribution
in source code as well as compiled form.
3. Derived Works
The license must allow modifications and derived works, and must
allow them to be distributed under the same terms as the license
of the original software.
4. Integrity of The Author's Source Code
The license may restrict source-code from being distributed in
modified form _only_ if the license allows the distribution of
"patch files" with the source code for the purpose of modifying
the program at build time. The license must explicitly permit
distribution of software built from modified source code. The
license may require derived works to carry a different name or
version number from the original software. (This is a compromise.
The Debian group encourages all authors not to restrict any
files, source or binary, from being modified.)
5. No Discrimination Against Persons or Groups
The license must not discriminate against any person or group of
6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the
program in a specific field of endeavor. For example, it may not
restrict the program from being used in a business, or from being
used for genetic research.
7. Distribution of License
The rights attached to the program must apply to all to whom the
program is redistributed without the need for execution of an
additional license by those parties.
8. License Must Not Be Specific to Debian
The rights attached to the program must not depend on the
program's being part of a Debian system. If the program is
extracted from Debian and used or distributed without Debian but
otherwise within the terms of the program's license, all parties
to whom the program is redistributed should have the same rights
as those that are granted in conjunction with the Debian system.
9. License Must Not Contaminate Other Software
The license must not place restrictions on other software that is
distributed along with the licensed software. For example, the
license must not insist that all other programs distributed on
the same medium must be free software.
10. Example Licenses
The "GPL", "BSD", and "Artistic" licenses are examples of
licenses that we consider "free".
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com