[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL bindings for Perl -- licensing questions

On 06/27/2012 09:00 AM, Guy Hulbert wrote:
> It depends what "derived from this software" means.  The only protection
> "OpenSSL" has, in itself, would be as a trademark.

I don't think this is the case, but i could be wrong.  Trademark would
be used to keep someone from marketing and unrelated product as
"OpenSSL".  In this case, it's simply the copyright license (not a
trademark) which grants the toolkit's re-use, modification, and
redistribution rights only under the constraint that:

 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.

This seems like a silly and annoying clause to me, but it's in the
license, and i think we should try to respect the authors' expressed wishes.

Given that the perl modules in question clearly contain "OpenSSL" in
their names, this appears to only be satisfied under one of the
following conditions:

 0) a perl module is not a "product"
 1) these perl modules are not "derived from" OpenSSL
 2) the OpenSSL Project has given these modules explicit permission
 3) this clause is considered unenforceable and/or somehow illegitimate

Alternately, we could choose to not accept the copyright license, by not
redistributing or using OpenSSL for these packages (though i don't know
technically how we would accomplish this).

I can't summon enough cognitive dissonance to argue for conditions 0 or
1, and i have no idea how to raise a consensus on 3, so i suspect the
simplest way forward would be (2): for the perl modules in question to
get written permission from the OpenSSL project for their names.

Maybe they've already done so -- i haven't checked!  Perhaps the debian
uploaders could verify with upstream?

I really don't think this is a trademark issue.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: