www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Dependency on OpenSSL
Date Sun, 05 Jun 2016 22:10:36 GMT
I would like very much to return to the original focused concern of this thread: The license
requirements of OpenSSL as a dependency from an Apache project.  I am already investigating
how Apache OpenOffice may need to adjust its handling of an apparent dependency with regard

Here are the facts that I am concerned about.

 1. From <https://www.openssl.org/>, the following statement is made.  Note the use

	"The OpenSSL toolkit is licensed under an Apache-style license,
	Which basically means that you are free to get and use it for
	commercial and non-commercial purposes subject to some simple
	license conditions."

	Not unlike what could be said of the Apache License [any version]
  2. At <https://www.openssl.org/source/license.txt> there is a "dual license" text
for two licenses, an OpenSSL License and an Orinal SSLeay License.  The texts are each distinct
in literal form from an Apache License.  

  2.1 Familiar bits

  * They each include copyright notices.  They each apply 
    "redistribution" to mean with or without modification.

  * They each require retention of those notices, the statements of
    conditions, and disclaimers in redistributions.

  * They each require provision of the same in an effective manner
    in conjunction with binary redistributions.

  2.2 Notification, Attribution, Acknowledgment bits

  * OpenSSL License requires a specific acknowledgment in "All 
    advertising materials mentioning features or use of this software."
    Open SSLeay License has the condition and a different specific

  * OpenSSL License requires redistribution in any form to whatsoever 
    to retain a specific acknowledgement statement.

  * OpenSSL License has a final statement of acknowledgment that is
    not literally embraced under the stated conditions.

  * Original SSLeay License is not so well-structured and gives notice
    of copyright by two individuals.  Notices in code are explicitly
    not removable.

  * Original SSLeay License requires attribution to named individuals
    under various conditions.

  * Original SSLeay License has a tacked-on condition that appears 
    intended to ward off downsteam relicensing, were there such a 


  * The license acceptable for redistribution as a dependency would
    surely appear in the LICENSE file because it must be 
    provided and others are not alternatives.

  * The NOTICE file would include a clear but minimal statement
    that satisfies the conditions of the license and the ASF purpose
    for NOTICE.

  * I have no idea what the conditions of acceptable dependency might 
    be.  It would be nice were there at least practicable Category B 

 - Dennis


> -----Original Message-----
> From: Henri Yandell [mailto:bayard@apache.org]
> Sent: Sunday, June 5, 2016 13:20
> To: ASF Legal Discuss <legal-discuss@apache.org>
> Subject: Re: Dependency on OpenSSL
> Roy said:
> "The advertising clause is subsumed by the AL2 NOTICE file when the
> copyright
> owners are asked if the NOTICE file is sufficient advertising and they
> agree."
> So don't we have to go ask the copyright owners?
> Hen
> On Sun, Jun 5, 2016 at 7:03 AM, Justin Mclean <justin@classsoftware.com
> <mailto:justin@classsoftware.com> > wrote:
> 	Hi,
> 	> I did not mean OpenSSL, specifically. I meant the things we have
> included in our own packages that used to be under original BSD or AL
> 1.0.
> 	So how do you recommend we change the current legal resolved
> questions to make this clear ow to handle these licenses? Add them to
> category A but add that they need to be called out in NOTICE?
> 	Thanks,
> 	Justin
> 	-------------------------------------------------------------------
> --
> 	To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> <mailto:legal-discuss-unsubscribe@apache.org>
> 	For additional commands, e-mail: legal-discuss-help@apache.org
> <mailto:legal-discuss-help@apache.org>

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message