[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hpoj-devel] Bug#147430: hpoj: Linking against OpenSSL licensing modification (GPL)

Richard Stallman wrote:
> I see one possible flaw: if someone includes a different COPYING.OpenSSL
> file, this notice would give permission for linking with something
> under that replaced file.  I think that's a bug.  It needs to state
> the OpenSSL license in some more reliable way.

Hi, Richard.  Thanks for the feedback.  Hopefully we can get this
resolved soon so I won't have to delay the new software release.

I grappled with this problem too, but in the end concluded that at least
it wasn't any more permissive than the statement recommended in the GPL
FAQ.  IMO it boils down to the question of how in general to prevent
somebody from modifying the license statement and hijacking one's code.
Here are some possible solutions that come to mind right away:

1. Add a statement to the top of the file LICENSE.OpenSSL saying that
since it was effectively an extension to the license statements in the
individual source files in the hpoj package, only the copyright holder(s)
of those source files (namely HP) may update the LICENSE.OpenSSL file.

2. Do away with LICENSE.OpenSSL altogether and change each exception
statement (at least in the HP-copyrighted files) to limit OpenSSL to
"those versions having a free but GPL-incompatible license as deemed
by the Free Software Foundation."

I would greatly prefer #1 if possible, because it means I only have to
change one file.  :-)  Also, #2 might be problematic with the lawyer,
who is already uncomfortable with the notion of automatically licensing
under all future versions of the GPL without being able to review them
first.  (For the record, I am in favor of the "GPL version 2 or (at
your option) any later version" provision.)


To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: