[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compatibility of GPLv2 and Apache v2 (OpenSSL again)

On December 7, 2018 6:04:22 AM UTC, Ben Finney <bignose@debian.org> wrote:
>Sebastian Andrzej Siewior <sebastian@breakpoint.cc> writes:
>> The wording (of the addon) was drafted on debian-legal a few years
>> back.
>Can you give citations to what you're referring to? there have been
>such discussions so it would help if we're both talking about the same

For the openssl license with advertising and GPL:

>The part of that article salient for this discussion seems to be:
>    OpenSSL version 3.0.0 will be the first version that we release
>    under the Apache License 2.0. We will not be applying the Apache
>    License to earlier releases of OpenSSL.
>That doesn't specify the grant of license so it's unclear what the
>set of conditions will be.


>>   https://github.com/openssl/openssl/blob/master/LICENSE
>That is a nearly-verbatim copy of the Apache License 2.0 with no
>substantive changes (only the URL in the header changed to an HTTPS).
>Merely dropping a copy of the license document doesn't tell use exactly
>what is the grant of license, as many works (including OpenSSL itself,
>and as you point out a lot of works that link to OpenSSL) have a
>grant of license that incorporates some combination of conditions. It
>not enough to assume that a license document implies the entire grant
>So we will need to see what exact text is the grant of license (the
>saying something like "This is OpenSSL, Copyright © 2018 Foo Bar. You
>are hereby granted freedom to do X, Y, Z under these explicit specific
>Is the grant of license somewhere in the Git repository to be examined?

So the readme file

has this:

The OpenSSL toolkit is licensed under the Apache License 2.0, which means

 that you are free to get and use it for commercial and non-commercial

 purposes as long as you fulfill its conditions.

Is this enough or should upstream add more to this?


Reply to: