Hello, I believe we have a licensing issue with the crypto implementation in Wine and would like feedback relating to this. I know that some of the OpenSSL developers monitor this list so please provide feedback.
The first question is in regards to the following:
Clause 3 of OpenSSL license: * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
This stipulation seems to introduce a incompatibility with the GPL. For normal Wine this is not a big deal but if someone wants to make a Winelib application that is GPL or if I want to take Wines Wininet and Adavapi32 code in to ReactOS this presents a problem. Am I correct in reading it this way?
If I am correct and it is incompatible with with GPL then would any of the Wine developers object to changing out crypto implementation to use NSS from Mozilla? I have spoken with the developers of Network Security Services for Mozilla and it has recently been tri-licensed MPL/LGPL/GPL on CVS tip. http://www.mozilla.org/projects/security/pki/nss/
From the what I understand this lib provides everything we need so all
it really means is that our soft dependency on OpenSSL in now a soft dependency on Mozilla. If we want to use the webbrowser module in Wine then a Mozilla dependency will be there already so we might as well use the security implementation while we are at it.
Thanks Steven
__________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
On Fri, 09 Jul 2004 09:58:04 -0700, Steven Edwards wrote:
From the what I understand this lib provides everything we need so all it really means is that our soft dependency on OpenSSL in now a soft dependency on Mozilla. If we want to use the webbrowser module in Wine then a Mozilla dependency will be there already so we might as well use the security implementation while we are at it.
GNUTLS would probably be better. We don't currently depend on native Mozilla/GRE. Currently our usage of Moz is restricted to using a precompiled Windows binary activex control produced by somebody else.
thanks -mike
On Fri, Jul 09, 2004 at 09:58:04AM -0700, Steven Edwards wrote:
This stipulation seems to introduce a incompatibility with the GPL. For normal Wine this is not a big deal but if someone wants to make a Winelib application that is GPL or if I want to take Wines Wininet and Adavapi32 code in to ReactOS this presents a problem. Am I correct in reading it this way?
Well, from the FAQ on OpenSSL, they say that on Linux systems it should not be a problem as OpenSSL is part of the 'base' system. No idea if RMS would agree to that one though :-)
Lionel
PS: and no, I won't ask RMS the question tomorrow when he passes in my town :-)
Hi Lionel,
--- Lionel Ulmer lionel.ulmer@free.fr wrote:
Well, from the FAQ on OpenSSL, they say that on Linux systems it should not be a problem as OpenSSL is part of the 'base' system. No idea if RMS would agree to that one though :-)
I know what his answer is. I to him before about a binary driver exception to the GPL for ReactOS so I assume his answer will be the same for this clause. He is going to say that as the author you can do what you want including adding exceptions to the GPL but you run in to trouble when you try and add code from other GPL applications because the GPL does not allow the license to be tainted except by later versions of the GPL unless the author allows for it.
Thanks Steven
__________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
On July 9, 2004 12:58 pm, Steven Edwards wrote:
I believe we have a licensing issue with the crypto implementation in Wine and would like feedback relating to this. I know that some of the OpenSSL developers monitor this list so please provide feedback.
We are lurking everywhere, you are never safe ...
The first question is in regards to the following:
Clause 3 of OpenSSL license:
- All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by the OpenSSL Project
- for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
Yeah, this is an unavoidable hangover from the SSLeay days, not much that can be done about it (there is an equivalent clause for crediting Eric Young, except where the code is entirely new and post-SSLeay). However, as someone pointed out, this is "solved" by having OpenSSL as part of the underlying system. If it is, then the requirements to satisfy the openssl license have already been met (presumably) by the operating system provider, supplier, or other third party. In particular, I seem to recall that the current wine code is loading openssl on-the-fly and binding to symbols as required, so this should not be an issue (if openssl *isn't* part of the base distribution or installed in some other form that is consistent with the license, then wine won't find it!).
This shouldn't be an issue, but if you would like to go into grubby details (something I prefer to avoid, personally) you should head over to the openssl-users list and raise it there. There are a lot of open and closed source users of the toolkit there who may have already confronted the same issues you face (eg. if you are packaging wine commercially, or whatever, and have varying concerns beyond that of the raw wine project itself). There is also; http://www.openssl.org/support/faq.html#LEGAL2
Cheers, Geoff
-
Geoff Thorpe -
Lionel Ulmer -
Mike Hearn -
Steven Edwards