Discussion:
Compatibility of GPLv2 and Apache v2 (OpenSSL again)
Sebastian Andrzej Siewior
2018-12-04 20:22:05 UTC
Permalink
Hi,

GPL software has an exception clause in order to link against OpenSSL
which has the advertising clause. Clamav for instance has this piece:

| In addition, as a special exception, the copyright holders give
| permission to link the code of portions of this program with the
| OpenSSL library under certain conditions as described in each
| individual source file, and distribute linked combinations
| including the two.

OpenSSL upstream now switched the license from BSD style to Apache
License 2.0.
My understanding is that GPLv2 software can not be linked against Apache
v2 software due to the patent issue. GPLv3 (or GPLv2 or alter) can be
linked but that is not the issue here.

Can such an exception in GPLv2 software be used in order to link against
Apache v2 software or is this not possible anymore?

Sebastian
Ben Finney
2018-12-04 21:48:14 UTC
Permalink
Post by Sebastian Andrzej Siewior
GPL software has an exception clause in order to link against OpenSSL
which has the advertising clause.
This appears to be a statement that any work licensed under GNU GPL has
such an exception. That is not true, to my knowledge.
Right. That piece is not part of any version of the GPL; it is an
additional clause in the grant for recipients of that specific work
(ClamAV).

So each work needs to be examined for its specific grant, to see what
the full combination of effective license conditions are to the
recipient of that specific work.
Post by Sebastian Andrzej Siewior
OpenSSL upstream now switched the license from BSD style to Apache
License 2.0.
What can you cite for that change?

The official OpenSSL site contradicts that claim. According to
<URL:https://www.openssl.org/source/license.html>, OpenSSL is subject to
the conditions of the terms of both OpenSSL License and, simultaneously,
Original SSLEay License. Neither of these is Apache License 2.0.
--
\ “I have always wished for my computer to be as easy to use as |
`\ my telephone; my wish has come true because I can no longer |
_o__) figure out how to use my telephone.” —Bjarne Stroustrup |
Ben Finney
Sebastian Andrzej Siewior
2018-12-06 18:21:32 UTC
Permalink
Post by Ben Finney
Right. That piece is not part of any version of the GPL; it is an
additional clause in the grant for recipients of that specific work
(ClamAV).
Yes and my understanding is that every GPLv2 software, that links
against openssl, needs such an addon.
Post by Ben Finney
So each work needs to be examined for its specific grant, to see what
the full combination of effective license conditions are to the
recipient of that specific work.
The wording (of the addon) was drafted on debian-legal a few years back.
Post by Ben Finney
Post by Sebastian Andrzej Siewior
OpenSSL upstream now switched the license from BSD style to Apache
License 2.0.
What can you cite for that change?
The official OpenSSL site contradicts that claim. According to
<URL:https://www.openssl.org/source/license.html>, OpenSSL is subject to
the conditions of the terms of both OpenSSL License and, simultaneously,
Original SSLEay License. Neither of these is Apache License 2.0.
So this is true for series 1.1.1 and earlier. The master branch will be
released as 3.0 and some point. So we have some time to clarify this :)
Please see
https://github.com/openssl/openssl/blob/master/LICENSE
https://www.openssl.org/blog/blog/2018/11/28/version/

Sebastian

Loading...