Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On Sat, 2010-04-10 at 03:32 +0300, Simos Xenitellis wrote: > On Sat, Apr 10, 2010 at 2:40 AM, Bastien Nocera wrote: > > On Fri, 2010-04-09 at 12:11 -0700, Dan Williams wrote: > >> > >> WARNING! > >> Enabling OpenSSL support may cause the combination of libnm-util and > >> GPL > >> programs to be illegal in your jurisdiction. Please check with your > >> lawyer before enabling OpenSSL support. > > > > "In your jurisdiction"? > > > > In what jurisdiction would combining incompatible licenses be fine? > > In countries that have not signed one of the copyright > treaties/conventions, etc: > http://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_agreements > Admittedly, these are just a few countries. This is about "author's rights", or copyright of artistic works that would expire, not ownership of code, and conflicts within. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On Sat, Apr 10, 2010 at 2:40 AM, Bastien Nocera wrote: > On Fri, 2010-04-09 at 12:11 -0700, Dan Williams wrote: >> >> WARNING! >> Enabling OpenSSL support may cause the combination of libnm-util and >> GPL >> programs to be illegal in your jurisdiction. Please check with your >> lawyer before enabling OpenSSL support. > > "In your jurisdiction"? > > In what jurisdiction would combining incompatible licenses be fine? In countries that have not signed one of the copyright treaties/conventions, etc: http://en.wikipedia.org/wiki/List_of_parties_to_international_copyright_agreements Admittedly, these are just a few countries. > Not sure I see the point here. FWIW, nss has boatloads of certifications > that make it usable as _the_ crypto backend for a lot of countries. Simos ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On Fri, 2010-04-09 at 12:11 -0700, Dan Williams wrote: > > WARNING! > Enabling OpenSSL support may cause the combination of libnm-util and > GPL > programs to be illegal in your jurisdiction. Please check with your > lawyer before enabling OpenSSL support. "In your jurisdiction"? In what jurisdiction would combining incompatible licenses be fine? Not sure I see the point here. FWIW, nss has boatloads of certifications that make it usable as _the_ crypto backend for a lot of countries. ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On Fri, 2010-04-09 at 13:45 +0100, Thomas Horsten wrote: > On 9 April 2010 00:48, Dan Williams wrote: > On Thu, 2010-04-08 at 19:16 +0100, Thomas Horsten wrote: > > For legal compliance and certification reasons it can be > useful to use > > a specific cryptographic backend in a product with > NetworkManager. > > > Unfortunately, it's illegal to combine OpenSSL with GPL code > unless the > code has specifically added an OpenSSL exception > (NetworkManager does > not have such an exception). So while I greatly appreciate > the work > that you've done, I feel very uneasy about accepting a patch > that when > enabled, would make distribution of the result illegal :( > > > I'm a bit confused about this now - although the COPYING file in the > libnm-utils is GPLv2, the headers of the source files for the library > all have LGPL and not GPL, and so it should be fine to link with > OpenSSL. I'm not sure though, and I don't know the history of > NetworkManager well enough to see through what's going on here, so any > clarification would be appreciated. > > > If the library is indeed LGPL though, I don't see a problem with > including the OpenSSL backend. It's not a problem if libnm-util is never used by a GPL program. But the problem comes when you install something that uses libnm-util, and is GPL. NetworkManager itself links to libnm-glib and libnm-util, as do other programs like nm-applet. Thus, if you have an OpenSSL-enabled libnm-util on your system, and you install NetworkManager, you cannot legally run NetworkManager if it is linked to that libnm-util. Would you mind modifying the patch to include a large warning in configure.ac that says something like the following when you "./configure --with-crypto=openssl": --- WARNING! Enabling OpenSSL support may cause the combination of libnm-util and GPL programs to be illegal in your jurisdiction. Please check with your lawyer before enabling OpenSSL support. --- I'll keep checking with some legal-type people for more information. I'm not necessarily against the patch, but we do need to have some sort of warning here. Thanks! Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On 9 April 2010 00:48, Dan Williams wrote: > On Thu, 2010-04-08 at 19:16 +0100, Thomas Horsten wrote: > > For legal compliance and certification reasons it can be useful to use > > a specific cryptographic backend in a product with NetworkManager. > > Unfortunately, it's illegal to combine OpenSSL with GPL code unless the > code has specifically added an OpenSSL exception (NetworkManager does > not have such an exception). So while I greatly appreciate the work > that you've done, I feel very uneasy about accepting a patch that when > enabled, would make distribution of the result illegal :( > I'm a bit confused about this now - although the COPYING file in the libnm-utils is GPLv2, the headers of the source files for the library all have LGPL and not GPL, and so it should be fine to link with OpenSSL. I'm not sure though, and I don't know the history of NetworkManager well enough to see through what's going on here, so any clarification would be appreciated. If the library is indeed LGPL though, I don't see a problem with including the OpenSSL backend. Thomas ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
On Thu, 2010-04-08 at 19:16 +0100, Thomas Horsten wrote: > For legal compliance and certification reasons it can be useful to use > a specific cryptographic backend in a product with NetworkManager. Unfortunately, it's illegal to combine OpenSSL with GPL code unless the code has specifically added an OpenSSL exception (NetworkManager does not have such an exception). So while I greatly appreciate the work that you've done, I feel very uneasy about accepting a patch that when enabled, would make distribution of the result illegal :( http://people.gnome.org/~markmc/openssl-and-the-gpl.html Dan > This patch adds support for using OpenSSL in addition to gnutls and > nss. I have tested it using the supplied test suite in > libnm-util/tests/test-crypto.c > > Since the patch doesn't affect the functionality if the default > cryptographic backend is used, it should be low risk to apply. > > Signed-off-by: Thomas Horsten > --- > configure.ac| 12 +- > libnm-util/Makefile.am | 11 ++ > libnm-util/crypto_openssl.c | 346 > +++ > 3 files changed, 366 insertions(+), 3 deletions(-) > create mode 100644 libnm-util/crypto_openssl.c > > > > ___ > networkmanager-list mailing list > networkmanager-list@gnome.org > http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list