www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Lipcon <t...@cloudera.com>
Subject Re: Dependency on OpenSSL
Date Wed, 02 Nov 2016 17:11:14 GMT
On Wed, Nov 2, 2016 at 4:18 AM, Jim Wright <jim.wright@oracle.com> wrote:

> Todd, while I wait to catch up with Mishi about it, is there a reason you
> inserted only part of the OpenSSL license into the LICENSE.TXT file (the
> first of two licenses)?
>
>
I think that's probably an oversight. Let me check with the patch author.

-Todd

On Oct 31, 2016, at 4:53 PM, Todd Lipcon <todd@cloudera.com> wrote:
>
> On Mon, Oct 31, 2016 at 1:29 PM, Jim Wright <jim.wright@oracle.com> wrote:
>
>> When Todd says "we're copy-paste importing it" do you mean cut and
>> pasting into an existing file, and if so (or in either event really) where
>> does the original license go when you do that?
>>
>
> We created a new source file to copy-paste the code into. There are a few
> trivial modifications that we had to make (eg using strlen() instead of
> OPENSSL_strlen()) but otherwise it's just copy-pasted. So, we were planning
> to keep the original OpenSSL license header and copyright on that file
> rather than applying the Apache 2.0 one. You can see what we're planning on
> committing here:
>
> https://gerrit.cloudera.org/#/c/4789/7/src/kudu/util/x509_check_host.cc
>
>
>> Apologies for my ignorance here, I just want to confirm a complete copy
>> of the OpenSSL license ends up in both the complete source and in binary
>> distributions.
>>
>>
> https://gerrit.cloudera.org/#/c/4789/7/LICENSE.txt shows the diff for
> LICENSE.txt
> and https://gerrit.cloudera.org/#/c/4789/7/NOTICE.txt for NOTICE.txt
>
> Does that seem sufficient?
>
> -Todd
>
>
>> > On Oct 30, 2016, at 8:40 AM, Jim Jagielski <jim@jaguNET.com
>> <jim@jagunet.com>> wrote:
>> >
>> > Yes, that's correct, and +1 on adding it to the Resolved page.
>> >
>> >> On Oct 28, 2016, at 6:48 PM, Todd Lipcon <todd@cloudera.com> wrote:
>> >>
>> >> Just to revive this thread from a few months ago:
>> >>
>> >> In Apache Kudu we're pulling in a little bit of code from OpenSSL
>> (x509 certificate hostname validation) into our source repository. In
>> general we prefer to just link against the system's OpenSSL, but this
>> particular code is new and not available in most commonly deployed
>> versions, so we're copy-paste importing it.
>> >>
>> >> Based on reading of this thread, we need to put the following in
>> NOTICE.txt:
>> >>
>> >> <begin>
>> >> This product includes software developed by the OpenSSL Project
>> >> for use in the OpenSSL Toolkit. (http://www.openssl.org/)
>> >>
>> >> This product includes cryptographic software written by Eric Young
>> >> (eay@cryptsoft.com).  This product includes software written by Tim
>> >> Hudson (tjh@cryptsoft.com).
>> >> <end>
>> >>
>> >> Is my understanding of the resolution here correct? Would be great to
>> have this listed on the legal "resolved" page.
>> >>
>> >> -Todd
>> >>
>> >> On Fri, Jun 17, 2016 at 10:29 PM, Henri Yandell <bayard@apache.org>
>> wrote:
>> >> So I can update resolved.html; is there a link to where OpenSSL agreed
>> that NOTICE was sufficient in the archives (or their archives)?
>> >>
>> >> On Mon, Jun 6, 2016 at 4:47 AM, Jim Jagielski <jim@jagunet.com> wrote:
>> >> BSD-4 should be Cat-X *except* for those projects, such as OpenSSL, etc
>> >> that have agreed that NOTICE is sufficient.
>> >>
>> >>> On Jun 6, 2016, at 1:23 AM, Marvin Humphrey <marvin@rectangular.com>
>> wrote:
>> >>>
>> >>> Roy, then Justin:
>> >>>
>> >>>>> I did not mean OpenSSL, specifically. I meant the things we
have
>> included
>> >>>>> in our own packages that used to be under original BSD or AL
1.0.
>> >>>>
>> >>>> So how do you recommend we change the current legal resolved
>> questions to
>> >>>> make this clear ow to handle these licenses? Add them to category
A
>> but add
>> >>>> that they need to be called out in NOTICE?
>> >>>
>> >>> The approach I hope we can take is to grandfather in harmless
>> existing usage,
>> >>> including an exception for OpenSSL in particular, but explicitly
>> deprecate
>> >>> licenses with advertising clauses to discourage future usage.
>> >>>
>> >>> Marvin Humphrey
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> >>> For additional commands, e-mail: legal-discuss-help@apache.org
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> >> For additional commands, e-mail: legal-discuss-help@apache.org
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Todd Lipcon
>> >> Software Engineer, Cloudera
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> > For additional commands, e-mail: legal-discuss-help@apache.org
>> >
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>>
>
>
> --
> Todd Lipcon
> Software Engineer, Cloudera
>
>


-- 
Todd Lipcon
Software Engineer, Cloudera

Mime
View raw message