I work on a proprietary Linux application that dynamically links to OpenSSL for some cryptographic features (www.google.com/chat/video) and I am considering switching to static linking in order to get around OpenSSL ABI compatibility issues across different Linux distributions/versions. Before doing so though I am hoping that someone can help me to better understand the acknowledgement clauses in the OpenSSL license. I have read the thread at http://www.mail-archive.com/[email protected]/msg16849.html, but it didn't completely clear things up for me.
My interpretation of clause 3 of the OpenSSL license (and similarly clause 3 of the SSLeay license) is that we only have to include the acknowledgement if/when we advertise the cryptographic features (which AFAIK we do not advertise anywhere). Since the license says at the beginning that it applies to both redistribution and _use_, it seems to me that this clause would apply to both dynamic linking and static linking equally, since both are certainly a "use" of the software. It would even apply to anyone using the OpenSSL build that Apple ships on Macs. So it seems to me that switching from dynamic linking to static linking would have no effect on our obligations under this clause. However, I'm not so sure about clause 6 of the OpenSSL license. An executable that dynamically links to OpenSSL is certainly not a redistribution of OpenSSL, but I can imagine someone making the argument that an executable that _statically_ links to OpenSSL _is_ a redistribution of OpenSSL. I am wondering what the opinion of the OpenSSL developer community is on this point. Ideally I would not like to have to add an acknowledgement into our product purely because of a change in the linking process. (It's not even clear to me where we would put the text.) Thanks, Tristan Schmelcher ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
