On Fri, 2004-06-04 at 08:39, Henrik Nordstrom wrote:
> Do you have more detailed information on this license conflict? If I
> understand correctly it is actually GPL who does not allow linking with
> the OpenSSL license due to the (double) advertising clause of OpenSSL and
> therefore needs an exception to allow OpenSSL to be linked into the GPL
> application even when the OpenSSL license is not strictly GPL compatible.
http://archives.seul.org/mixminion/dev/Jul-2002/msg00015.html has two
useful links to the debian legal archives..
http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00563.html,
http://lists.debian.org/debian-legal/2002/debian-legal-200207/msg00454.html and
followups. ]
> > We have three basic options:
> >
> > 1) Ignore it - appliances can't ship with ssl support, distros can't
> > ship with ssl support, but users can rebuild their squids if they need.
>
> If my assumption wrt the license conflict above is correct then most
> distros can probably argue that they are safe due to OpenSSL today being
> considered an integral OS component already expempt from GPL by section 3
> in the GPL, but it is a thin line on what is "core component" and what is
> "extra".
Well, it's an arguable position, but IMO an unsafe one. Its certainly
not part of the posix interface to the sytem, for instance.
> > 2) Get squid working with GnuTLS which is meant to be an almost-dropin
> > replacement for openssl. They apparently have compatability headers
> > even.
>
> Interesting. Should not be hard to accomplish I think.
Cool. I have very little experience with ssl/tls code - and no time
right now to hack on it anyway :[. But if I can get you any info etc,
and you have time...
Rob
-- GPG key available at: <http://www.robertcollins.net/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Wed Jun 30 2004 - 12:00:03 MDT