www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Lipcon <t...@cloudera.com>
Subject Re: Dependency on OpenSSL
Date Fri, 28 Oct 2016 22:48:38 GMT
Just to revive this thread from a few months ago:

In Apache Kudu we're pulling in a little bit of code from OpenSSL (x509
certificate hostname validation) into our source repository. In general we
prefer to just link against the system's OpenSSL, but this particular code
is new and not available in most commonly deployed versions, so we're
copy-paste importing it.

Based on reading of this thread, we need to put the following in NOTICE.txt:

<begin>
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)

This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com).  This product includes software written by Tim
Hudson (tjh@cryptsoft.com).
<end>

Is my understanding of the resolution here correct? Would be great to have
this listed on the legal "resolved" page.

-Todd

On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org> wrote:

> So I can update resolved.html; is there a link to where OpenSSL agreed
> that NOTICE was sufficient in the archives (or their archives)?
>
> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
>
>> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
>> that have agreed that NOTICE is sufficient.
>>
>> > On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com>
>> wrote:
>> >
>> > Roy, then Justin:
>> >
>> >>> I did not mean OpenSSL, specifically. I meant the things we have
>> included
>> >>> in our own packages that used to be under original BSD or AL 1.0.
>> >>
>> >> So how do you recommend we change the current legal resolved questions
>> to
>> >> make this clear ow to handle these licenses? Add them to category A
>> but add
>> >> that they need to be called out in NOTICE?
>> >
>> > The approach I hope we can take is to grandfather in harmless existing
>> usage,
>> > including an exception for OpenSSL in particular, but explicitly
>> deprecate
>> > licenses with advertising clauses to discourage future usage.
>> >
>> > Marvin Humphrey
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>>
>


-- 
Todd Lipcon
Software Engineer, Cloudera

Mime
View raw message