www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: Dependency on OpenSSL
Date Sun, 30 Oct 2016 12:40:23 GMT
Yes, that's correct, and +1 on adding it to the Resolved page.

> On Oct 28, 2016, at 6:48 PM, Todd Lipcon <todd@cloudera.com> wrote:
> 
> Just to revive this thread from a few months ago:
> 
> In Apache Kudu we're pulling in a little bit of code from OpenSSL (x509 certificate hostname
validation) into our source repository. In general we prefer to just link against the system's
OpenSSL, but this particular code is new and not available in most commonly deployed versions,
so we're copy-paste importing it.
> 
> Based on reading of this thread, we need to put the following in NOTICE.txt:
> 
> <begin>
> This product includes software developed by the OpenSSL Project
> for use in the OpenSSL Toolkit. (http://www.openssl.org/)
> 
> This product includes cryptographic software written by Eric Young
> (eay@cryptsoft.com).  This product includes software written by Tim
> Hudson (tjh@cryptsoft.com).
> <end>
> 
> Is my understanding of the resolution here correct? Would be great to have this listed
on the legal "resolved" page.
> 
> -Todd
> 
> On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org> wrote:
> So I can update resolved.html; is there a link to where OpenSSL agreed that NOTICE was
sufficient in the archives (or their archives)?
> 
> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
> that have agreed that NOTICE is sufficient.
> 
> > On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com> wrote:
> >
> > Roy, then Justin:
> >
> >>> I did not mean OpenSSL, specifically. I meant the things we have included
> >>> in our own packages that used to be under original BSD or AL 1.0.
> >>
> >> So how do you recommend we change the current legal resolved questions to
> >> make this clear ow to handle these licenses? Add them to category A but add
> >> that they need to be called out in NOTICE?
> >
> > The approach I hope we can take is to grandfather in harmless existing usage,
> > including an exception for OpenSSL in particular, but explicitly deprecate
> > licenses with advertising clauses to discourage future usage.
> >
> > Marvin Humphrey
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> > For additional commands, e-mail: legal-discuss-help@apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 
> 
> 
> 
> 
> -- 
> Todd Lipcon
> Software Engineer, Cloudera


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message