[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bacula and OpenSSL



Hello Shane,

On Thursday 19 July 2007 16:22, Shane M. Coughlan wrote:
> Dear Steve
> 
> Steve Langasek wrote:
> > I agree that the GPLv3 is not "compatible" with the OpenSSL license, in 
the
> > sense that code licensed under the OpenSSL license cannot be included in a
> > GPLv3 work.  However, the GPLv3 does include a broader (if no more easily
> > understood) system exception clause, which seems to allow distributing 
GPLv3
> > binaries that are /dynamically linked/ against OpenSSL.  Is this not the
> > position of FSF/FSF Europe?
> 
> I discussed this issue with Brett Smith of FSF, and as a result of this
> he wrote the following brief summary:
> 
> ===
> 
> We do not believe that OpenSSL qualifies as a System Library in Debian.
> The System Library definition is meant to be read narrowly, including
> only code that accompanies genuinely fundamental components of the
> system.  I don't see anything to suggest that that's the case for
> OpenSSL in Debian: the package only has important priority (as opposed
> to glibc's required), there are only about 350 packages depending on it
> (as opposed to glibc's 8500), and it isn't installed on a base system.
> To put it plainly, if OpenSSL actually were a System Library, I would
> expect it to look more like one.

Thanks for following up on this.  However, I am not sure that Brett answered 
the "technical" point concerning the GPLv3 that was brought up by Steve.  
Though I'm not sure that question really needs answering since it is likely 
to lead to lots of different interpretations of subtle points as we are 
currently seeing with the System Library definition.

What struck me as getting closer to the fundamental problem that I am having 
is the remarks in a later email by Anthony Towns where there are apparently 
360 packages on his system that would be removed if he were to remove 
OpenSSL.

I see the positions of the different people who have responded to this 
question about linking Bacula with OpenSSL, and though I obviously cannot 
agree with everyone, since there are opposing interpretations, I can say that 
each has valid points.

To me the issue is much more fundamental.  Apparently the problem with OpenSSL 
is one of an "onerous advertising clause", which I don't find so onerous -- 
so the authors want their names acknowledged for the work they did.  In 
reading the clause that apparently poses the problem:

  *  3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"

I have to say, that I am not completely sure what they want.  I've tried to 
ask the authors, but their email addresses seem to be invalid.  I've tried to 
ask the current OpenSSL maintainers, but they have not yet responded to my 
email.  

In any case, I have added explicit acknowlegements in the LICENSE file and in 
the manual.  As far as I know these are the only "advertising" materials that 
are used by Bacula or any of the distros, so I *think* I am in compliance 
with *their* license.

Now, coming back the GPL issue.  I can understand why RMS doesn't like the 
OpenSSL license because of this advertising clause, but what I find *very* 
hard to understand is why that concerns anyone but me and the people 
distributing the binaries.  We are the only ones who "suffer" from that 
clause.  The bottom line is that I see no harm to either the Free Software 
movement nor the authors of GPLed software that I use in Bacula, if I comply 
the best I can with the terms of the OpenSSL license.

Right now, license issues seem to be black and white, that is they either work 
or do not work with GPL period.  It seems to me that in the case of OpenSSL, 
their license is not totally incompatible with GPL, it is just a bit annoying 
to some people. 

I don't want to imply that I encourage such licenses, but given the wide 
spread usage of OpenSSL and the rather trivial nature of this "problem" 
(IMO), it seems to me that the decision on whether or not software can be 
linked to the OpenSSL code should be up to the persons distributing the 
binaries.

Because of the large number of packages where some, if not many, probably have 
the same problem as Bacula, I would appreciate hearing FSF's and RMS' 
position on this.

Best regards,

Kern

> 
> -- Brett Smith Licensing Compliance Engineer, Free Software Foundation
> 
> ===
> 
> Regards
> 
> Shane
> 
> --
> Shane Coughlan
> FTF Coordinator
> Free Software Foundation Europe
> Office: +41435000366 ext 408 / Mobile: +41792633406
> coughlan@fsfeurope.org
> Support Free Software > http://fsfe.org
> 



Reply to: