Re: Bacula and OpenSSL
On Thursday 19 July 2007 16:22, Shane M. Coughlan wrote:
> Dear Steve
> Steve Langasek wrote:
> > I agree that the GPLv3 is not "compatible" with the OpenSSL license, in
> > sense that code licensed under the OpenSSL license cannot be included in a
> > GPLv3 work. However, the GPLv3 does include a broader (if no more easily
> > understood) system exception clause, which seems to allow distributing
> > binaries that are /dynamically linked/ against OpenSSL. Is this not the
> > position of FSF/FSF Europe?
> I discussed this issue with Brett Smith of FSF, and as a result of this
> he wrote the following brief summary:
> We do not believe that OpenSSL qualifies as a System Library in Debian.
> The System Library definition is meant to be read narrowly, including
> only code that accompanies genuinely fundamental components of the
> system. I don't see anything to suggest that that's the case for
> OpenSSL in Debian: the package only has important priority (as opposed
> to glibc's required), there are only about 350 packages depending on it
> (as opposed to glibc's 8500), and it isn't installed on a base system.
> To put it plainly, if OpenSSL actually were a System Library, I would
> expect it to look more like one.
Thanks for following up on this. However, I am not sure that Brett answered
the "technical" point concerning the GPLv3 that was brought up by Steve.
Though I'm not sure that question really needs answering since it is likely
to lead to lots of different interpretations of subtle points as we are
currently seeing with the System Library definition.
What struck me as getting closer to the fundamental problem that I am having
is the remarks in a later email by Anthony Towns where there are apparently
360 packages on his system that would be removed if he were to remove
I see the positions of the different people who have responded to this
question about linking Bacula with OpenSSL, and though I obviously cannot
agree with everyone, since there are opposing interpretations, I can say that
each has valid points.
To me the issue is much more fundamental. Apparently the problem with OpenSSL
is one of an "onerous advertising clause", which I don't find so onerous --
so the authors want their names acknowledged for the work they did. In
reading the clause that apparently poses the problem:
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgment:
* "This product includes cryptographic software written by
* Eric Young (email@example.com)"
I have to say, that I am not completely sure what they want. I've tried to
ask the authors, but their email addresses seem to be invalid. I've tried to
ask the current OpenSSL maintainers, but they have not yet responded to my
In any case, I have added explicit acknowlegements in the LICENSE file and in
the manual. As far as I know these are the only "advertising" materials that
are used by Bacula or any of the distros, so I *think* I am in compliance
with *their* license.
Now, coming back the GPL issue. I can understand why RMS doesn't like the
OpenSSL license because of this advertising clause, but what I find *very*
hard to understand is why that concerns anyone but me and the people
distributing the binaries. We are the only ones who "suffer" from that
clause. The bottom line is that I see no harm to either the Free Software
movement nor the authors of GPLed software that I use in Bacula, if I comply
the best I can with the terms of the OpenSSL license.
Right now, license issues seem to be black and white, that is they either work
or do not work with GPL period. It seems to me that in the case of OpenSSL,
their license is not totally incompatible with GPL, it is just a bit annoying
to some people.
I don't want to imply that I encourage such licenses, but given the wide
spread usage of OpenSSL and the rather trivial nature of this "problem"
(IMO), it seems to me that the decision on whether or not software can be
linked to the OpenSSL code should be up to the persons distributing the
Because of the large number of packages where some, if not many, probably have
the same problem as Bacula, I would appreciate hearing FSF's and RMS'
position on this.
> -- Brett Smith Licensing Compliance Engineer, Free Software Foundation
> Shane Coughlan
> FTF Coordinator
> Free Software Foundation Europe
> Office: +41435000366 ext 408 / Mobile: +41792633406
> Support Free Software > http://fsfe.org