www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Wright <jim.wri...@oracle.com>
Subject Re: Dependency on OpenSSL
Date Mon, 31 Oct 2016 21:23:42 GMT
I'll discuss with Mishi and confirm back to the group.

 Regards,
  Jim


> On Oct 31, 2016, at 4:53 PM, Todd Lipcon <todd@cloudera.com> wrote:
> 
>> On Mon, Oct 31, 2016 at 1:29 PM, Jim Wright <jim.wright@oracle.com> wrote:
>> When Todd says "we're copy-paste importing it" do you mean cut and pasting into an
existing file, and if so (or in either event really) where does the original license go when
you do that?
> 
> We created a new source file to copy-paste the code into. There are a few trivial modifications
that we had to make (eg using strlen() instead of OPENSSL_strlen()) but otherwise it's just
copy-pasted. So, we were planning to keep the original OpenSSL license header and copyright
on that file rather than applying the Apache 2.0 one. You can see what we're planning on committing
here:
> 
> https://gerrit.cloudera.org/#/c/4789/7/src/kudu/util/x509_check_host.cc
> 
>> 
>> Apologies for my ignorance here, I just want to confirm a complete copy of the OpenSSL
license ends up in both the complete source and in binary distributions.
> 
> https://gerrit.cloudera.org/#/c/4789/7/LICENSE.txt shows the diff for LICENSE.txt
> and https://gerrit.cloudera.org/#/c/4789/7/NOTICE.txt for NOTICE.txt
> 
> Does that seem sufficient?
> 
> -Todd 
> 
>> 
>> > On Oct 30, 2016, at 8:40 AM, Jim Jagielski <jim@jaguNET.com> wrote:
>> >
>> > Yes, that's correct, and +1 on adding it to the Resolved page.
>> >
>> >> On Oct 28, 2016, at 6:48 PM, Todd Lipcon <todd@cloudera.com> wrote:
>> >>
>> >> Just to revive this thread from a few months ago:
>> >>
>> >> In Apache Kudu we're pulling in a little bit of code from OpenSSL (x509
certificate hostname validation) into our source repository. In general we prefer to just
link against the system's OpenSSL, but this particular code is new and not available in most
commonly deployed versions, so we're copy-paste importing it.
>> >>
>> >> Based on reading of this thread, we need to put the following in NOTICE.txt:
>> >>
>> >> <begin>
>> >> This product includes software developed by the OpenSSL Project
>> >> for use in the OpenSSL Toolkit. (http://www.openssl.org/)
>> >>
>> >> This product includes cryptographic software written by Eric Young
>> >> (eay@cryptsoft.com).  This product includes software written by Tim
>> >> Hudson (tjh@cryptsoft.com).
>> >> <end>
>> >>
>> >> Is my understanding of the resolution here correct? Would be great to have
this listed on the legal "resolved" page.
>> >>
>> >> -Todd
>> >>
>> >> On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org>
wrote:
>> >> So I can update resolved.html; is there a link to where OpenSSL agreed that
NOTICE was sufficient in the archives (or their archives)?
>> >>
>> >> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
>> >> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
>> >> that have agreed that NOTICE is sufficient.
>> >>
>> >>> On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com>
wrote:
>> >>>
>> >>> Roy, then Justin:
>> >>>
>> >>>>> I did not mean OpenSSL, specifically. I meant the things we
have included
>> >>>>> in our own packages that used to be under original BSD or AL
1.0.
>> >>>>
>> >>>> So how do you recommend we change the current legal resolved questions
to
>> >>>> make this clear ow to handle these licenses? Add them to category
A but add
>> >>>> that they need to be called out in NOTICE?
>> >>>
>> >>> The approach I hope we can take is to grandfather in harmless existing
usage,
>> >>> including an exception for OpenSSL in particular, but explicitly deprecate
>> >>> licenses with advertising clauses to discourage future usage.
>> >>>
>> >>> Marvin Humphrey
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> >>> For additional commands, e-mail: legal-discuss-help@apache.org
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> >> For additional commands, e-mail: legal-discuss-help@apache.org
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Todd Lipcon
>> >> Software Engineer, Cloudera
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
> 
> 
> 
> -- 
> Todd Lipcon
> Software Engineer, Cloudera

Mime
View raw message