Discussion:
legal implications of linking to libssl/openssl
(too old to reply)
Sandro Tosi
2018-05-06 00:39:52 UTC
Permalink
Hello,
in transmission we received a bug[1] about excessive memory usage with our
current library (libcurl3-gnutls) which is reported fixed[2] by replacing
it with its openssl counterpart (libcurl4-openssl).

I know there were issues linking with openssl, but i dont know if it's
still accurate, so i would like to ask the list: is it ok from a legal pov
to switch from gnutls to openssl for transmission?

please CC me on replies as i'm not subscribed

thanks!

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865624
[2]
https://github.com/transmission/transmission/issues/313#issuecomment-332543087

--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi
Paul Wise
2018-05-06 02:23:03 UTC
Permalink
Post by Sandro Tosi
I know there were issues linking with openssl, but i dont know if it's
still accurate, so i would like to ask the list: is it ok from a legal pov
to switch from gnutls to openssl for transmission?
The situation is currently unchanged, the OpenSSL license is
incompatible with the GNU GPL family of licenses and an exception is
needed to allow combining code under those licenses and OpenSSL in the
same work.

https://people.gnome.org/~markmc/openssl-and-the-gpl.html

In the (very) near future, OpenSSL is planning to switch to the Apache
2 license, which is compatible with GPLv3 but not GPLv2. So code under
GPLv3-only, GPLv3+ and GPLv2+ licenses will be compatible with the new
license but GPLv2-only code will require an exception as before. The
standard exception used for the current license looks like it will
also be fine under the new license.

https://www.openssl.org/blog/blog/2017/03/22/license/
https://license.openssl.org/
https://www.openssl.org/blog/blog/2018/03/01/last-license/
--
bye,
pabs

https://wiki.debian.org/PaulWise
Sandro Tosi
2018-05-06 04:08:26 UTC
Permalink
Post by Paul Wise
The situation is currently unchanged, the OpenSSL license is
incompatible with the GNU GPL family of licenses and an exception is
needed to allow combining code under those licenses and OpenSSL in the
same work.
https://people.gnome.org/~markmc/openssl-and-the-gpl.html
thanks Paul, i'll talk with upstream about adding such an exception to
transmission.
--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
G+: https://plus.google.com/u/0/+SandroTosi
Francesco Poli
2018-05-06 07:53:12 UTC
Permalink
Post by Sandro Tosi
Post by Paul Wise
The situation is currently unchanged, the OpenSSL license is
incompatible with the GNU GPL family of licenses and an exception is
needed to allow combining code under those licenses and OpenSSL in the
same work.
https://people.gnome.org/~markmc/openssl-and-the-gpl.html
thanks Paul, i'll talk with upstream about adding such an exception to
transmission.
I would like to add that an exception will also be needed for other
GPL-licensed libraries (directly or indirectly) linked with
transmission, if any...

Moreover, I see that libssl1.1 is already among the dependencies of
transmission: is the program already linked with OpenSSL, without a
proper licensing exception?
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Loading...