Marc-Andre Lemburg <m...@egenix.com> added the comment: Martin v. Löwis wrote: > > Martin v. Löwis <mar...@v.loewis.de> added the comment: > >>> Which specific clause of the license do you consider violated? >> >> * 3. All advertising materials mentioning features or use of this >> * software must display the following acknowledgment: >> * "This product includes software developed by the OpenSSL Project >> * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" > > I fail to see the violation, or how changing the download page could > fix that. The download page is *not* "advertising material mentioning > features or use of this software". In fact, the download page doesn't > refer to SSL at all. Hence there is no obligation to mention OpenSSL > on the download page. > >> * 3. All advertising materials mentioning features or use of this software >> * must display the following acknowledgement: >> * "This product includes cryptographic software written by >> * Eric Young (e...@cryptsoft.com)" > > Likewise.
The license only permits you to use and distribute OpenSSL under the conditions mentioned in the license. Since we are not following those old-style BSD license requirements (which are unfortunate), we are not allowed to use the software: The python.org site is full of references to OpenSSL. Most prominently in the documentation of the ssl and hashlib modules, but also in the release notes/news and other files. By contrast, the name "Eric Young" does not appear anywhere on the site (according to a Google search). We can remedy this easily, but putting the notices on the download pages. Perhaps just putting them into the documentation is already good enough. >> * 4. If you include any Windows specific code (or a derivative thereof) from >> * the apps directory (application code) you must include an >> acknowledgement: >> * "This product includes software written by Tim Hudson >> (t...@cryptsoft.com)" > > This doesn't apply: we don't include any code (Windows specific or not) > from the apps directory. Ok, so we don't have to add this part. >> I'd suggest to add a paragraph like this to the release pages: > > -1, unless the PSF lawyer advises that such a paragraph is indeed > necessary. It may shy away users from using Python, which is clearly > undesirable. So you'd rather have some users get in trouble for downloading and using crypto software, due import laws or domestic laws restricting its use in their country ? Deliberately hiding this information from the user, doesn't sound like a good approach to the problem. However, I agree that this is a question to ask the PSF board. There's probably a better wording for such a text, but some kind of note of caution needs to go on the website. ---------- title: Python download page needs to mention crypto code in Windows installer -> Python download page needs to mention crypto code in Windows installer _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue9119> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
