On Tue, 2021-10-05 at 21:04 +0200, Sebastian Andrzej Siewior wrote:
> On 2021-10-05 20:03:49 [+0200], Michael Biebl wrote:
> > Hi Kurt, hi Luca, hi everyone,
> Hi Michael,
>
> > That said, I'm not a lawyer and reading license texts hurts my brain.
> > So my goal is mainly to raise awareness of this issue and seek input from
> > the community.
>
> GPL code which linked against OpenSSL usually has a "gpl-exception
> clause for OpenSSL". This should be still accepted since it refers
> specifically to OpenSSL.

Many projects do not have that. Also to be extremely pedantic it needs to be checked if it just references OpenSSL as a project, or specifically the OpenSSL license which is a specific and well defined document: https://spdx.org/licenses/OpenSSL.html

AFAIK there's no "standard" clause, everyone uses their own wording, more or less.

More importantly, as far as I understand and I was told recently these are not transitive - ie, it's fine for an executable, but if it concerns a library, it does not "transfer" to external programs linking to that library.

> Additionally OpenSSL is considered system library, see
> https://bugs.debian.org/951780
> https://bugs.debian.org/972181

Even if that interpretation holds, and it's not a universal interpretation (eg: lawyers from Canonical strongly disagree as far as I know), again that applies to first-party binaries only as far as I understand. It's not as clear-cut with libraries used by third parties.

The core issue as always is uncertainty: any time there are doubts and conflicting interpretations, we all lose, especially our users, and especially those that are then forced to have awkward conversations with their corporate lawyers.

Which is why it's really unfortunate that, in order to fix compatibility issues with the GPL, among all the permissive licenses available out there, the OpenSSL project picked the _one_ that has serious compatibility questions with the GPL :-(

But of course this doesn't mean we shouldn't move to the new version, quite the contrary - I'll simply be careful about the projects I am involved in and what it means for them and their license clarity, and what I can do to make it better, if anything.

--
Kind regards,
Luca Boccassi