On 10/6/2010 10:24 PM, Pierre DELAAGE wrote:
I cannit answer to all the point but at least I can comment
the redistribution one :
To my point of view, a static linking is NOT a redistribution,
just because the liked library is not usable by the end user.
It most certainly is a re-distribution. You have received the
copyrighted work and then you distributed it to someone else.
To an extreme extent, the end user is not necessarily aware that the
product contains
a static version of ssl lib, and even so he/she is not necessarily aware
of what is it and
what he/she could do with it if this lib was ...directly accessible as a
dll, which it is NOT !
That's not relevant for two reasons. First, it's not relevant because
user knowledge or access is not a criterion for testing of something is
a re-distribution. Second, even if user knowledge and access were
required, his code is joined to OpenSSL by the linker, and his code is
known and usable. There is absolutely no rational reason it should
matter what part of the joined code is known and usable, once joined,
they are one.
What I mean is that redistributing something as embedded in a product
is not opening its free usage
by the end user.
It sure is, they are fully free to use the combined work. The whole
point of a combined work is that the parts are combined. You can't say
you're using one part and not another -- they are combined.
The user has free usage of the combined work. The combined work includes
OpenSSL. Full stop.
The product received is NOT the same as the product
used by the developper,
Doesn't matter. It's the same work. Static linking fuses two works into
a single work that is legally both works linked.
To give you an analogy, image a graphic work that consists of two sides,
each with an image. If I take two such works and glue them back-to-back,
that's like what static linking does. The result is a single two-sided
work that contains protectable elements from both input works. It is
legally both original works.
and has often less features (as your product does not expose to end
users all the functionnalities of the original
openssl lib.
Doesn't matter. If I get the source code to Windows and remove a bunch
of featured, and compile the result, I can't give it away to all my friends.
Even more if redistributing as embedded was redistributing, then it
would allow the end user to do the same thing as yourself,
I mean the same usage of the library: and this is impossible.
Huh? Redistributing simply means you are distributing a work that
contains protectable elements (those that can be covered by copyright)
from the original work.
Your focus on function is totally mistaken. In fact, function is the one
thing copyright *cannot* cover. Functional elements are irrelevant for
copyright purposes. Copyright protects creative choices, not hard work
or functional capability.
More over it would allow him to redistribute openssl again but it is
also impossible because openssl lib has been embedded,
ie hidden in some way, in your application.
Huh?
The only way the end user could propagate openssl would be to
redistribute your whole application :
this depends on your own license, but would not lead anyway to a
usable full featured lib.
Doesn't matter. Copyright is about creative choices, not function. The
creative choices made by the OpenSSL developers are in the
statically-linked work.
Finally, I would say that in fact dynamic linking is the scenario most
closed to redistribution than static linking :
because it allows, at least technically, a possible distribution of a
copy of a dll.
Huh? Either you distribute the DLL or you don't.
DS
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
