[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: licensing confusion

On Thu, Mar 04, 2004 at 11:53:46AM -0800, Don Armstrong scribbled:
> On Thu, 04 Mar 2004, Marek Habersack wrote:
> > On Thu, Mar 04, 2004 at 10:08:11AM -0800, Don Armstrong scribbled:
> > > You (in general) can't incorporate code which is under a license that
> > > is incompatible with the GPL to create a derivative work under the GPL
> > > unless you yourself are the copyright holder of both works in
> > > question.
> > OK, so by that token - no MPL/NPL code in Mozilla should ever use
> > any GPL code, am I right in assuming that?
> No, because such code is dual licensed in general.
I don't want to be a pain in the neck, but even if we have two source files
A and B producing object files A and B, with both of them calling (linking
to in effect) some GPL API, A being derived from B (e.g. a C++ class that
descends from a class defined in B), A being MPL and B being GPL?

> > Note, that I assume that what's written in the mozilla (debian)
> > copyright file can be understood verbatim - that _some_ files in it
> > are licensed solely under MPL/NPL (while others are dual-licensed
> > etc. etc.). Then those single-license files would affect the whole
> > binary, that's how I understand it.
> Not necesarily. The GPL only affects derived works. Presumably, these
> works licensed solely under the MPL or NPL are not derived works of a
> work licensed solely under the GPL.
So, I gather, just calling a GPL API from a GPL-incompatible

> > [T]he thing at stake is the use of OpenSSL or Cryptlib[1] in the
> > Caudium[2] project. Looking at [2], I see clauses which make
> > cryptlib not compatible with clauses #5 and #6 of the DFSG.
> Huh? I see no such clauses[1], unless you're refering to the alternate
> terms of distribution.
What made me wonder were the statements:

cryptlib is distributed under a dual license that allows free, open-source
use under a GPL-like license and closed-source use under a standard
commercial license. In addition, cryptlib is free for use in low-cost,
non-open-source applications such as shareware, and for personal and
research use. Exact terms are given at the bottom of this page.


Detailed usage Terms

cryptlib is distributed under a dual license that allows free, open-source
use under a GPL-compatible license and closed-source use under a standard
commercial license.

(which basically repeats what was underlined above)

Note that the above doesn't state whether a commercial project can choose
whichever license, but it seems to make it clear that open source is bound
to their OSI-compatible license _and_ closed-source to their commercial
license (which would break clauses #5 and #6 of DFSG, since it wouldn't be a
voluntary choice of the licensee). I might be nit picking there, but it's
better to be safe than sorry. Since they use the expression "usage terms"
that makes me think it's obligatory to obey the terms in addition to the
license. All in all, the whole legal message above is very unclear and
vague, which is why I'm asking :)

> > The license is a BSD one, that's clear, but the terms of use and
> > usage conditions seem to restrict the use to non-commercial or
> > low-cost projects.
> Cryptlib itself has it's own copyleft which on the face seems to be
> GPL compatible. [But I've only spent 2-3 minutes glancing at the
> license... closer examination is probably warranted.]
I'd love to learn whether it can be packaged for Debian and used in Caudium

> > Oh, and we cannot relicense the Caudium code, as we aren't the
> > original copyright holders of the entire code. Also, I would like to
> > know whether it's ok for me to issue an ITP for Cryptlib.
> What you need to do is file an ITP, then bring the texts of the
> licenses themselves so they can be analyzed by -legal for their DFSG
> Freeness.
Right, ok, that's what I'll do.



Attachment: signature.asc
Description: Digital signature

Reply to: