www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Wright <jim.wri...@oracle.com>
Subject Re: Dependency on OpenSSL
Date Mon, 31 Oct 2016 20:29:14 GMT
When Todd says "we're copy-paste importing it" do you mean cut and pasting into an existing
file, and if so (or in either event really) where does the original license go when you do
that?  

Apologies for my ignorance here, I just want to confirm a complete copy of the OpenSSL license
ends up in both the complete source and in binary distributions.

 Regards,
  Jim


> On Oct 30, 2016, at 8:40 AM, Jim Jagielski <jim@jaguNET.com> wrote:
> 
> Yes, that's correct, and +1 on adding it to the Resolved page.
> 
>> On Oct 28, 2016, at 6:48 PM, Todd Lipcon <todd@cloudera.com> wrote:
>> 
>> Just to revive this thread from a few months ago:
>> 
>> In Apache Kudu we're pulling in a little bit of code from OpenSSL (x509 certificate
hostname validation) into our source repository. In general we prefer to just link against
the system's OpenSSL, but this particular code is new and not available in most commonly deployed
versions, so we're copy-paste importing it.
>> 
>> Based on reading of this thread, we need to put the following in NOTICE.txt:
>> 
>> <begin>
>> This product includes software developed by the OpenSSL Project
>> for use in the OpenSSL Toolkit. (http://www.openssl.org/)
>> 
>> This product includes cryptographic software written by Eric Young
>> (eay@cryptsoft.com).  This product includes software written by Tim
>> Hudson (tjh@cryptsoft.com).
>> <end>
>> 
>> Is my understanding of the resolution here correct? Would be great to have this listed
on the legal "resolved" page.
>> 
>> -Todd
>> 
>> On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org> wrote:
>> So I can update resolved.html; is there a link to where OpenSSL agreed that NOTICE
was sufficient in the archives (or their archives)?
>> 
>> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
>> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
>> that have agreed that NOTICE is sufficient.
>> 
>>> On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com> wrote:
>>> 
>>> Roy, then Justin:
>>> 
>>>>> I did not mean OpenSSL, specifically. I meant the things we have included
>>>>> in our own packages that used to be under original BSD or AL 1.0.
>>>> 
>>>> So how do you recommend we change the current legal resolved questions to
>>>> make this clear ow to handle these licenses? Add them to category A but add
>>>> that they need to be called out in NOTICE?
>>> 
>>> The approach I hope we can take is to grandfather in harmless existing usage,
>>> including an exception for OpenSSL in particular, but explicitly deprecate
>>> licenses with advertising clauses to discourage future usage.
>>> 
>>> Marvin Humphrey
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> For additional commands, e-mail: legal-discuss-help@apache.org
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>> 
>> 
>> 
>> 
>> 
>> -- 
>> Todd Lipcon
>> Software Engineer, Cloudera
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message