[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compatibility of GPLv2 and Apache v2 (OpenSSL again)

Sebastian Andrzej Siewior <sebastian@breakpoint.cc> writes:

> Yes and my understanding is that every GPLv2 software, that links
> against openssl, needs such an addon.

The alternative being that the resulting work is not legally
redistributable (because the terms of both GPLv2 and the OpenSSL license
cannot be simultaneously satisfied).

So yes, the only way such a work can be distributed conforming to both
those sets of conditions if the grant of license gives *more*
permissions (such as one you state), at which it's not merely GPL any

> The wording (of the addon) was drafted on debian-legal a few years
> back.

Can you give citations to what you're referring to? there have been many
such discussions so it would help if we're both talking about the same

> So this is true for series 1.1.1 and earlier. The master branch will be
> released as 3.0 and some point. So we have some time to clarify this
> :)

Ah, so this is not a change that has happened yet. Good, thank you for
bringing it to our attention so we can discuss it :-)

> Please see 
>   https://www.openssl.org/blog/blog/2018/11/28/version/

The part of that article salient for this discussion seems to be:

    OpenSSL version 3.0.0 will be the first version that we release
    under the Apache License 2.0. We will not be applying the Apache
    License to earlier releases of OpenSSL.

That doesn't specify the grant of license so it's unclear what the total
set of conditions will be.

>   https://github.com/openssl/openssl/blob/master/LICENSE

That is a nearly-verbatim copy of the Apache License 2.0 with no legally
substantive changes (only the URL in the header changed to an HTTPS).

Merely dropping a copy of the license document doesn't tell use exactly
what is the grant of license, as many works (including OpenSSL itself,
and as you point out a lot of works that link to OpenSSL) have a complex
grant of license that incorporates some combination of conditions. It is
not enough to assume that a license document implies the entire grant of

So we will need to see what exact text is the grant of license (the text
saying something like "This is OpenSSL, Copyright © 2018 Foo Bar. You
are hereby granted freedom to do X, Y, Z under these explicit specific

Is the grant of license somewhere in the Git repository to be examined?

 \               “… correct code is great, code that crashes could use |
  `\           improvement, but incorrect code that doesn’t crash is a |
_o__)                    horrible nightmare.” —Chris Smith, 2008-08-22 |
Ben Finney

Reply to: