www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: Dependency on OpenSSL
Date Thu, 02 Jun 2016 20:01:26 GMT
On Thu, Jun 2, 2016 at 1:13 PM, Steve Varnau <steve.varnau@esgyn.com> wrote:

> Hello,
> Per Justin's suggestion (below) I wanted to ask whether it is okay for our
> project to have a dependency on OpenSSL.
> OpenSSL is working on changing licensing[1], but is currently seems to be
> Category X.

Welcome news, and there is lots of code to yet refactor to eliminate all
of the originally licensed code.  But as to Category "X" How do you come
to this conclusion?

It is a BSD+Advertising Clause derivative license, which we've always
understood as permissible as a dependency... but with an important
caveat in the FAQ...

"Please also ensure to comply with any attribution/notice requirements in
the specific license in question."

BSD with no Advertising clause is Category "A", but the presence
of the clause triggers our Category "B" case.

By dynamically linking with OpenSSL libraries, we will not bundle it with
> our convenience binaries.
> I see from the export page[2] that several other projects also use
> OpenSSL, but some of those usages seem to be optional.
> Can we dynamically link to and thereby depend on OpenSSL, or do we need to
> somehow make this optional?
> Thanks,
> --Steve
> [1] https://www.openssl.org/blog/blog/2015/08/01/cla/
> [2] http://www.apache.org/licenses/exports/

 There is no practical distinction here.

View raw message