First of all, I apologise for the long delay. I got distracted by illness, work etc.
I see this discussion has progressed a bit since then. I’ll try to weave the new parts of the thread into my old draft. Dne četrtek, 09. avgust 2018 ob 15:43:15 CEST je James Bottomley napisal(a): > Sure ... as a lawyer just tell me if the form of words achieves what I > need and is optimal. As you know, you cannot get legal advice from either this (or other) public mailing list, but here’s my personal take on it. :) Here is the original openvpn-openssl-exception as listed by SPDX (highlighted are portions that differ between this and wget variation; I added manual line breaks for easier legibility): “_Special exception for linking OpenVPN with OpenSSL:_ In addition, as a special exception, _OpenVPN Technologies, Inc._ gives permission to link the code of _this program_ with the OpenSSL _Library_ (or with modified versions of _OpenSSL_ that use the same license as _OpenSSL_), and distribute _linked combinations including the two._ You must obey the GNU General Public License in all respects for all of the code used other than _OpenSSL._ If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.” As a separate example in the wild, I will use wget as an example, as it quite a popular tool as well as a GNU project and therefore under the ægis of FSF. So it may be supposed that they took extra care for the exception to be compatible with (their interpretation of) the GPL. See e.g. in `README` of wget-1.10.2, which was under GPL-2.0-or- later: “In addition, as a special exception, _the Free Software Foundation_ gives permission to link the code of _its release of Wget_ with the OpenSSL _project's "OpenSSL" library_ (or with modified versions of _it_ that use the same license as _the "OpenSSL"_ _library_), and distribute _the linked executables._ You must obey the GNU General Public License in all respects for all of the code used other than _"OpenSSL"._ If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.” … which looks fairly similar. Deluge’s example that Calum suggested looks very similar as well. Althought it does abstract the “copyright holders”. Now in `README` of wget-1.19, which is under GPL-3.0-or-later you can find a newer variation, with the text adapted quite a lot (a diff does not help here much): “Additional permission under GNU GPL version 3 section 7 If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, the Free Software Foundation grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work.” James’ suggestion on the other hand is much shorter: “as an additional permission combining this work with OpenSSL via linking does not create a derivative work of this work.” As they are much more different from the original OpenVPN OpenSSL Exception, I doubt we could accept it as a variation of it. Also, the question what is or isn’t derivative work sounds like being a bit outside author’s possibility to claim. For a truly generic “OpenSSL” exception template that we don’t need to add over and over again, I would think, what would be needed is that it’s: • agnostic of the copyright holders and the project it is attached to (as its outbound license) • agnostic of the project that is being linked to – at least in its template form • works with both GPL-2.0 and GPL-3.0 (e.g. for GPL-2.0-or-later projects) I think Alexios’ suggestion to templetise the openvpn-openssl- exception very well meets the first two requirements¹. The question remains what to do with GPL-3.0(-or-later) compatibility. Here is a little franken-exception-monster that I stitched together: “If you modify this program, or any covered work, by linking or combining it with <SoftwareProduct> (or a modified version of <SoftwareProduct>), <CopyrightHolder> grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of <SoftwareProduct> used as well as that of the covered work. If you modify this file, you may extend this exception (“Additional permission” under GPL-3.0, section 7) to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.” It is not pretty and still holds some GPL-3.0-specific language, but might be a start to make an exception compatbile with both GPL-2.0 and GPL-3.0. … but at end, how far can we stretch it without getting it to be as generic as the Universal FOSS Exception: https://oss.oracle.com/licenses/universal-foss-exception/ Another approach, that is not as elegant to implement in a project, but much more elegant to pull into SPDX, would be to: • templetise the openvpn-openssl-exception • store the new Wget execption (in a templetised form) as wget- openssl-exception or wget-gpl-3.0-openssl-exception and state that it is typically applied to GPL-3.0-only, GPL-3.0-or-later • have GPL-2.0-or-later projects apply the exception as (GPL-2.0-or-later with (openvpn-openssl-exception or wget-openssl- exception)); or ((GPL-2.0-only with openvpn-openssl-exception) or (GPL-3.0-or- later with wget-openssl-exception)); or some other combination cheers, Matija — 1 And I think we should take some time to templetise any licenses and exceptions in SPDX that we haven’t yet before (or in a long time). -- gsm: +386 41 849 552 www: http://matija.suklje.name xmpp: matija.suk...@gabbler.org sip: matija_suk...@ippi.fr -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2393): https://lists.spdx.org/g/Spdx-legal/message/2393 Mute This Topic: https://lists.spdx.org/mt/24235315/21656 Group Owner: spdx-legal+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
