Hi,

On Sun, Jan 15, 2023 at 8:53 AM Arne Schwabe <a...@rfc2549.org> wrote:

> Am 15.01.23 um 14:23 schrieb Selva Nair:
> > Hi,
> >
> >     We would like to be able to continue to build/ship OpenVPN with mbed
> >     TLS. We want all contributors to ask if they agree to license change
> >     that adds explicit permission to link with Apache 2 licensed
> libraries:
> >
> >
> >     Special exception for linking OpenVPN with Apache 2 licensed
> libraries:
> >
> >         In addition, as a special exception, OpenVPN Inc and contributors
> >         give permission to link the code of this program to libraries
> >     with the
> >         "APACHE LICENSE, VERSION 2.0", and distribute linked combination
> >         including the two.  You must obey the GNU General Public License
> in
> >         all respects for all of the code used other than these
> >     libraries.  If
> >         you modify this file, you may extend this exception to your
> >     version of
> >         the file, but you are not obligated to do so.  If you do not
> wish to
> >         do so, delete this exception statement from your version.
> >
> >
> > Instead of this exemption I would vote for a change to 'GPL v2 or any
> > later version'.
> > That would keep the license in the spirit by which people like me
> > contributed.
> >
> > Using an existing license that has already been vetted also avoids the
> need
> > for legal counsel.
> >
> > I do not understand the argument about 'GPLv2 and later...' and embedded
> > devices. Those who
> > are currently embedding based on GPL v2 can continue to do so, those who
> > want/need v3
> > can do so too. Those who need v3 but also want to lock the firmware on a
> > consumer device
> > may be affected. But that's a choice they make, why would we want to
> > promote that?
> >
> > Some may find this discussion a waste of time but let's not belittle
> > people's contributions.
> > I do care about how my work is licensed.
>
> Okay. I think the embedded thing is a bit of a misunderstanding. I am
> not trying to promote that. What I wanted is to express why changing to
> GPLv3 might not be an option as some license holders of OpenVPN will not
> be okay with changing to GPL3 since they need that.


Thanks for the clarification. I was not aware of that.
That's very unfortunate, though. So some want to keep the loopholes of GPL
v2, and also the goodies that come with an Apache 2.0 exception, all
together!

So the situation is basically, we need somehow to still be able to link
> Apache 2.0 licensed SSL libraries. While we have an exception for
> OpenSSL, some might argue that this only covers the old OpenSSL license.
>
> So to go forward we either need to change OpenVPN 2.x to a license
> compatible with Apache 2.0 like GPL3 or adding an excerption for linking
> against Apache 2.0.
>
> At the hackathon we discussed the options and there already voices
> against going GPL3 instead of GPL2 but everyone there was okay with
> staying with GPL2 and adding an exception.
>
> This approach of taking the exception route instead of GPL3 is mostly a
> pragmatic approach to be able to have something that might have a chance
> of succeeding.


Given all that, I'll reluctantly agree to the proposed exception.

It's not critical at this stage, but the wording "...libraries with the
'APACHE LICENSE, VERSION 2.0', ..." sounds ambiguous. Is that a legally
vetted form or a draft?

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to