www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nico Kruber (JIRA)" <j...@apache.org>
Subject [jira] [Created] (LEGAL-393) Shipping boringssl/OpenSSL binaries along Apache Flink
Date Thu, 12 Jul 2018 14:06:00 GMT
Nico Kruber created LEGAL-393:

             Summary: Shipping boringssl/OpenSSL binaries along Apache Flink
                 Key: LEGAL-393
                 URL: https://issues.apache.org/jira/browse/LEGAL-393
             Project: Legal Discuss
          Issue Type: Question
            Reporter: Nico Kruber

As part of providing the ability to use an OpenSSL-based SSL engine in Apache Flink, I need
to include the [{{netty-tcnative}}|http://netty.io/wiki/forked-tomcat-native.html#wiki-h2-4]
binaries into our {{flink-shaded-netty-4}} artifacts. {{netty-tcnative}} itself is Apache
2 licensed, but since both [OpenSSL|https://www.openssl.org] as well as [boringssl|https://github.com/google/boringssl]
(a fork of OpenSSL) are BSD-style licences (https://github.com/google/boringssl/blob/master/LICENSE,
https://www.openssl.org/source/license.html) and not Apache 2 (yet?), I was a bit worried
about the implications and which way to go.

The following options are available:

a) using a jar file with native code dynamically linked against system OpenSSL libraries (there
the jar contains only Apache 2 code)
b) using a jar file with statically linked binaries

Now both have their individual technical consequences but which of these two (if any) qualifies
from a legal perspective and what are the implications?

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message