www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Lipcon <t...@cloudera.com>
Subject Re: Dependency on OpenSSL
Date Mon, 31 Oct 2016 20:53:41 GMT
On Mon, Oct 31, 2016 at 1:29 PM, Jim Wright <jim.wright@oracle.com> wrote:

> When Todd says "we're copy-paste importing it" do you mean cut and pasting
> into an existing file, and if so (or in either event really) where does the
> original license go when you do that?
>

We created a new source file to copy-paste the code into. There are a few
trivial modifications that we had to make (eg using strlen() instead of
OPENSSL_strlen()) but otherwise it's just copy-pasted. So, we were planning
to keep the original OpenSSL license header and copyright on that file
rather than applying the Apache 2.0 one. You can see what we're planning on
committing here:

https://gerrit.cloudera.org/#/c/4789/7/src/kudu/util/x509_check_host.cc


> Apologies for my ignorance here, I just want to confirm a complete copy of
> the OpenSSL license ends up in both the complete source and in binary
> distributions.
>
>
https://gerrit.cloudera.org/#/c/4789/7/LICENSE.txt shows the diff for
LICENSE.txt
and https://gerrit.cloudera.org/#/c/4789/7/NOTICE.txt for NOTICE.txt

Does that seem sufficient?

-Todd


> > On Oct 30, 2016, at 8:40 AM, Jim Jagielski <jim@jaguNET.com> wrote:
> >
> > Yes, that's correct, and +1 on adding it to the Resolved page.
> >
> >> On Oct 28, 2016, at 6:48 PM, Todd Lipcon <todd@cloudera.com> wrote:
> >>
> >> Just to revive this thread from a few months ago:
> >>
> >> In Apache Kudu we're pulling in a little bit of code from OpenSSL (x509
> certificate hostname validation) into our source repository. In general we
> prefer to just link against the system's OpenSSL, but this particular code
> is new and not available in most commonly deployed versions, so we're
> copy-paste importing it.
> >>
> >> Based on reading of this thread, we need to put the following in
> NOTICE.txt:
> >>
> >> <begin>
> >> This product includes software developed by the OpenSSL Project
> >> for use in the OpenSSL Toolkit. (http://www.openssl.org/)
> >>
> >> This product includes cryptographic software written by Eric Young
> >> (eay@cryptsoft.com).  This product includes software written by Tim
> >> Hudson (tjh@cryptsoft.com).
> >> <end>
> >>
> >> Is my understanding of the resolution here correct? Would be great to
> have this listed on the legal "resolved" page.
> >>
> >> -Todd
> >>
> >> On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org>
> wrote:
> >> So I can update resolved.html; is there a link to where OpenSSL agreed
> that NOTICE was sufficient in the archives (or their archives)?
> >>
> >> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
> >> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
> >> that have agreed that NOTICE is sufficient.
> >>
> >>> On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com>
> wrote:
> >>>
> >>> Roy, then Justin:
> >>>
> >>>>> I did not mean OpenSSL, specifically. I meant the things we have
> included
> >>>>> in our own packages that used to be under original BSD or AL 1.0.
> >>>>
> >>>> So how do you recommend we change the current legal resolved
> questions to
> >>>> make this clear ow to handle these licenses? Add them to category A
> but add
> >>>> that they need to be called out in NOTICE?
> >>>
> >>> The approach I hope we can take is to grandfather in harmless existing
> usage,
> >>> including an exception for OpenSSL in particular, but explicitly
> deprecate
> >>> licenses with advertising clauses to discourage future usage.
> >>>
> >>> Marvin Humphrey
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> >>> For additional commands, e-mail: legal-discuss-help@apache.org
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> >> For additional commands, e-mail: legal-discuss-help@apache.org
> >>
> >>
> >>
> >>
> >>
> >> --
> >> Todd Lipcon
> >> Software Engineer, Cloudera
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>


-- 
Todd Lipcon
Software Engineer, Cloudera

Mime
View raw message