22 Feb
2004
22 Feb
'04
9:29 p.m.
Hello,
I am out of development for a few weeks but I have some ideas about
using OpenSSL in ReactOS but we have one minor show stoppper. The
OpenSSL license is not compatible with the GPL so any code that links
to OpenSSL is going to need to be either LGPL or GPL with a exception
for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet,
rsabase, cryptoapi) and in our implementation of the security subsystem
(lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a
issue as nothing is really implemented anyway but in the security
subsystem side this may cause a problem because we already have some
existing code. Can we license all of ReactOS as GPL and only license
those files that directly link to OpenSSL as "GPL+Exception"? The is a
problem because OpenSSL uses a BSD style advertising clause that is
incompatible with the GPL.
Thanks
Steven
__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
22 Feb
22 Feb
10:49 p.m.
At 22.29 22/02/2004, you wrote:
I am out of development for a few weeks but I have some
ideas about using
OpenSSL in ReactOS but we have one minor show stoppper. The OpenSSL
license is not compatible with the GPL so any code that links to OpenSSL
is going to need to be either LGPL or GPL with a exception for OpenSSL.
I see a lot of confusion about what exactly uses OpenSSL and what doesn't
(not that I have a clear idea of that, either). This looks like the perfect
time for planning before diving head-first. Anyone can help us track
dependencies of Windows components from cryptography and certificate
management functions? I'll start with an easy one: wininet should use
whatever SSL/TLS implementation it finds, querying for it with
CryptAcquireContext, so it won't depend on OpenSSL
PS: I fail to understand how an "exception" in licensing could help.
Advertising OpenSSL would still be required to comply with its license. Not
that complying with such a requirement looks such a dramatic burden as to
make anything "non-free" - e.g. did you know that the Opera web browser
uses OpenSSL? Be quick to think of a counter-counter-example, because I
already have a counter-example ready
10:57 p.m.
At 22.29 22/02/2004, you wrote:
I am out of development for a few weeks but I have some
ideas about using
OpenSSL in ReactOS [...]
bleah:
[http://www.openssl.org/support/faq.html]
2. I've compiled a program under Windows and it
crashes: why?
This is usually because you've missed the comment in INSTALL.W32. Your
application must link against the same version of the Win32 C-Runtime
against which your openssl libraries were linked. The default version for
OpenSSL is /MD - "Multithreaded DLL".
Are we absolutely, positively sure that this... thing is right for us?
11:18 p.m.
-----Original Message-----
From: ros-general-bounces(a)reactos.com [mailto:ros-general-
bounces(a)reactos.com] On Behalf Of Steven Edwards
Sent: 22. februar 2004 22:29
To: ros-general(a)reactos.com
Subject: [ros-general] License issue with OpenSSL and ReactOS (GPL)
Hello,
I am out of development for a few weeks but I have some ideas about
using OpenSSL in ReactOS but we have one minor show stoppper. The
OpenSSL license is not compatible with the GPL so any code that links
to OpenSSL is going to need to be either LGPL or GPL with a exception
for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet,
rsabase, cryptoapi) and in our implementation of the security subsystem
(lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a
issue as nothing is really implemented anyway but in the security
subsystem side this may cause a problem because we already have some
existing code. Can we license all of ReactOS as GPL and only license
those files that directly link to OpenSSL as "GPL+Exception"? The is a
problem because OpenSSL uses a BSD style advertising clause that is
incompatible with the GPL.
Thanks
Steven
According to attorney Lawrence Rosen, whom specializes in technology,
dynamic linking of program A with program B does not make program A a
derivative work of program B. So if program B is GPL'ed then program A does
not need to be GPL compatible. So you could build a DLL from OpenSSL without
using GPL'ed code (like the GPL'ed ReactOS headers) and you could use that
DLL in your GPL'ed program without imposing restrictions from the GPL on the
non-GPL'ed program.
http://www.rosenlaw.com/html/GPL.PDF
23 Feb
23 Feb
7:39 a.m.
On Mon, Feb 23, 2004 at 12:18:12AM +0100, Casper Hornstrup wrote:
Probably this is true, legally spoken, but in the spirit of the GPL it
does. It does according to RMS, so the next version of GPL might very
well state something on linking explicitely. I'd think we better stay on
the safe site. The GPL never really was a legal document anyway.
Mark
-----Original Message-----
From: ros-general-bounces(a)reactos.com [mailto:ros-general-
bounces(a)reactos.com] On Behalf Of Steven Edwards
Sent: 22. februar 2004 22:29
To: ros-general(a)reactos.com
Subject: [ros-general] License issue with OpenSSL and ReactOS (GPL)
Hello,
I am out of development for a few weeks but I have some ideas about
using OpenSSL in ReactOS but we have one minor show stoppper. The
OpenSSL license is not compatible with the GPL so any code that links
to OpenSSL is going to need to be either LGPL or GPL with a exception
for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet,
rsabase, cryptoapi) and in our implementation of the security subsystem
(lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a
issue as nothing is really implemented anyway but in the security
subsystem side this may cause a problem because we already have some
existing code. Can we license all of ReactOS as GPL and only license
those files that directly link to OpenSSL as "GPL+Exception"? The is a
problem because OpenSSL uses a BSD style advertising clause that is
incompatible with the GPL.
Thanks
Steven
According to attorney Lawrence Rosen, whom specializes in technology,
dynamic linking of program A with program B does not make program A a
derivative work of program B. So if program B is GPL'ed then program A does
not need to be GPL compatible. So you could build a DLL from OpenSSL without
using GPL'ed code (like the GPL'ed ReactOS headers) and you could use that
DLL in your GPL'ed program without imposing restrictions from the GPL on the
non-GPL'ed program.
8:47 a.m.
According to
attorney Lawrence Rosen, whom specializes in technology,
dynamic linking of program A with program B does not make program A a
derivative work of program B. So if program B is GPL'ed then program A
does
not need to be GPL compatible. So you could build
a DLL from OpenSSL
without
using GPL'ed code (like the GPL'ed
ReactOS headers) and you could use
that
DLL in your GPL'ed program without imposing
restrictions from the GPL on
the
non-GPL'ed program.
Probably this is true, legally spoken, but in the spirit of the GPL it
does. It does according to RMS, so the next version of GPL might very
well state something on linking explicitely. I'd think we better stay on
the safe site. The GPL never really was a legal document anyway.
Mark 
4:06 p.m.
On Mon, 2004-02-23 at 02:47, Casper Hornstrup wrote:
I'm still looking for any information on if the
GPL has been challenged in
court and if so, what was ruled.
Nothing major that I know of; keep your eyes on the sco case, though.
Anyone got any information? Until the GPL
has been challenged in court, I believe RMS is wrong and he is just trying
to scare people of using free software with proprietary software because he
screwed up when he wrote the GPL.
You have to recognize what RMS's motivation was/is: he wants all
software to be Free. It's not surprising that he would craft his
license to be extremely restrictive about non-free software, as a way to
encourage coders to re-write non-free stuff and release it as Free,
instead of just reusing the non-free version. He believes that an
advertizing clause is restrictive of Freedom (which it certainly is by
his definition), and therefore non-free.
I may not agree with his premise, but he certainly has done a good job
executing against his vision. I certainly don't see the GPL as a
mistake.
-Vizzini
7511
days inactive
7512
days old
6 comments
5 participants
participants (5)
-
Casper Hornstrup -
KJK::Hyperion -
Mark IJbema -
Steven Edwards -
Vizzini