[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

OpenSSL - GPL issue

Dear Debian-legal,

I've encountered possible OpenSSL issue, while creating package for LibRHash shared library (http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=rhash ).

The LibRHash library can be compiled without functionality loss:
(1) ether without OpenSSL,
(2) or with runtime OpenSSL loading via dlopen() if OpenSSL is installed,
(3) or with constant linker dependency on OpenSSL.

The LibRHash itself is distributed under MIT-derived 'RHash License' ( http://rhash.anz.ru/license.php?l=en ) which is OpenSSL compatible.

The question is:
will GPL programs linked against LibRHash have license troubles in the (2) and (3) cases despite of not using OpenSSL directly?

Three SHA1-dependent algorithms (SHA1, BTIH, AICH) in LibRHash work 2 times faster, when OpenSSL is loaded, due to assembler optimizations. Thats why I was considering compiling the package agains OpenSSL, though don't want to limit GPL-people.

Do we need in Debian the "No SSL" packages for static, shared library and it's *-dbg package, or can avoid this by using (2) configuration?
  Best regards,

Reply to: