Re: Bacula and OpenSSL (original) (raw)

• To: coughlan@fsfeurope.org
• Cc: debian-legal@lists.debian.org, John Goerzen <jgoerzen@complete.org>
• Subject: Re: Bacula and OpenSSL
• From: Kern Sibbald <kern@sibbald.com>
• Date: Fri, 20 Jul 2007 12:10:45 +0200
• Message-id: <[🔎] 200707201210.45474.kern@sibbald.com>
• In-reply-to: <[🔎] 469F738E.4010209@fsfeurope.org>
• References: <[🔎] 200707121641.53917.kern@sibbald.com> <[🔎] 20070712182916.GB15906@dario.dodds.net> <[🔎] 469F738E.4010209@fsfeurope.org>

Hello Shane,

On Thursday 19 July 2007 16:22, Shane M. Coughlan wrote:

Dear Steve

Steve Langasek wrote:

I agree that the GPLv3 is not "compatible" with the OpenSSL license, in the sense that code licensed under the OpenSSL license cannot be included in a GPLv3 work. However, the GPLv3 does include a broader (if no more easily understood) system exception clause, which seems to allow distributing GPLv3 binaries that are /dynamically linked/ against OpenSSL. Is this not the position of FSF/FSF Europe?

I discussed this issue with Brett Smith of FSF, and as a result of this he wrote the following brief summary:

===

We do not believe that OpenSSL qualifies as a System Library in Debian. The System Library definition is meant to be read narrowly, including only code that accompanies genuinely fundamental components of the system. I don't see anything to suggest that that's the case for OpenSSL in Debian: the package only has important priority (as opposed to glibc's required), there are only about 350 packages depending on it (as opposed to glibc's 8500), and it isn't installed on a base system. To put it plainly, if OpenSSL actually were a System Library, I would expect it to look more like one.

Thanks for following up on this. However, I am not sure that Brett answered the "technical" point concerning the GPLv3 that was brought up by Steve.
Though I'm not sure that question really needs answering since it is likely to lead to lots of different interpretations of subtle points as we are currently seeing with the System Library definition.

What struck me as getting closer to the fundamental problem that I am having is the remarks in a later email by Anthony Towns where there are apparently 360 packages on his system that would be removed if he were to remove OpenSSL.

I see the positions of the different people who have responded to this question about linking Bacula with OpenSSL, and though I obviously cannot agree with everyone, since there are opposing interpretations, I can say that each has valid points.

To me the issue is much more fundamental. Apparently the problem with OpenSSL is one of an "onerous advertising clause", which I don't find so onerous -- so the authors want their names acknowledged for the work they did. In reading the clause that apparently poses the problem:

• 1. All advertising materials mentioning features or use of this software
• must display the following acknowledgment:
• "This product includes cryptographic software written by

• Eric Young (eay@cryptsoft.com)"

I have to say, that I am not completely sure what they want. I've tried to ask the authors, but their email addresses seem to be invalid. I've tried to ask the current OpenSSL maintainers, but they have not yet responded to my email.

In any case, I have added explicit acknowlegements in the LICENSE file and in the manual. As far as I know these are the only "advertising" materials that are used by Bacula or any of the distros, so I think I am in compliance with their license.

Now, coming back the GPL issue. I can understand why RMS doesn't like the OpenSSL license because of this advertising clause, but what I find very hard to understand is why that concerns anyone but me and the people distributing the binaries. We are the only ones who "suffer" from that clause. The bottom line is that I see no harm to either the Free Software movement nor the authors of GPLed software that I use in Bacula, if I comply the best I can with the terms of the OpenSSL license.

Right now, license issues seem to be black and white, that is they either work or do not work with GPL period. It seems to me that in the case of OpenSSL, their license is not totally incompatible with GPL, it is just a bit annoying to some people.

I don't want to imply that I encourage such licenses, but given the wide spread usage of OpenSSL and the rather trivial nature of this "problem" (IMO), it seems to me that the decision on whether or not software can be linked to the OpenSSL code should be up to the persons distributing the binaries.

Because of the large number of packages where some, if not many, probably have the same problem as Bacula, I would appreciate hearing FSF's and RMS' position on this.

Best regards,

Kern

-- Brett Smith Licensing Compliance Engineer, Free Software Foundation

===

Regards

Shane

-- Shane Coughlan FTF Coordinator Free Software Foundation Europe Office: +41435000366 ext 408 / Mobile: +41792633406 coughlan@fsfeurope.org Support Free Software > http://fsfe.org

Reply to:

• debian-legal@lists.debian.org
• Kern Sibbald (on-list)
• Kern Sibbald (off-list)

• Follow-Ups:
  • Re: Bacula and OpenSSL
    * From: "Shane M. Coughlan" coughlan@fsfeurope.org
• References:
  • Bacula and OpenSSL
    * From: Kern Sibbald kern@sibbald.com
  • Re: Bacula and OpenSSL
    * From: Steve Langasek vorlon@debian.org
  • Re: Bacula and OpenSSL
    * From: "Shane M. Coughlan" coughlan@fsfeurope.org
• Prev by Date:Re: Bacula and OpenSSL
• Next by Date:Re: Bacula and OpenSSL
• Previous by thread:Re: Bacula and OpenSSL
• Next by thread:Re: Bacula and OpenSSL
• Index(es):
  • Date
  • Thread