Hello, I am out of development for a few weeks but I have some ideas about using OpenSSL in ReactOS but we have one minor show stoppper. The OpenSSL license is not compatible with the GPL so any code that links to OpenSSL is going to need to be either LGPL or GPL with a exception for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet, rsabase, cryptoapi) and in our implementation of the security subsystem (lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a issue as nothing is really implemented anyway but in the security subsystem side this may cause a problem because we already have some existing code. Can we license all of ReactOS as GPL and only license those files that directly link to OpenSSL as "GPL+Exception"? The is a problem because OpenSSL uses a BSD style advertising clause that is incompatible with the GPL.
Thanks Steven
__________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools
At 22.29 22/02/2004, you wrote:
I am out of development for a few weeks but I have some ideas about using OpenSSL in ReactOS but we have one minor show stoppper. The OpenSSL license is not compatible with the GPL so any code that links to OpenSSL is going to need to be either LGPL or GPL with a exception for OpenSSL.
I see a lot of confusion about what exactly uses OpenSSL and what doesn't (not that I have a clear idea of that, either). This looks like the perfect time for planning before diving head-first. Anyone can help us track dependencies of Windows components from cryptography and certificate management functions? I'll start with an easy one: wininet should use whatever SSL/TLS implementation it finds, querying for it with CryptAcquireContext, so it won't depend on OpenSSL
PS: I fail to understand how an "exception" in licensing could help. Advertising OpenSSL would still be required to comply with its license. Not that complying with such a requirement looks such a dramatic burden as to make anything "non-free" - e.g. did you know that the Opera web browser uses OpenSSL? Be quick to think of a counter-counter-example, because I already have a counter-example ready
At 22.29 22/02/2004, you wrote:
I am out of development for a few weeks but I have some ideas about using OpenSSL in ReactOS [...]
bleah:
[http://www.openssl.org/support/faq.html]
- I've compiled a program under Windows and it crashes: why?
This is usually because you've missed the comment in INSTALL.W32. Your application must link against the same version of the Win32 C-Runtime against which your openssl libraries were linked. The default version for OpenSSL is /MD - "Multithreaded DLL".
Are we absolutely, positively sure that this... thing is right for us?
-----Original Message----- From: ros-general-bounces@reactos.com [mailto:ros-general- bounces@reactos.com] On Behalf Of Steven Edwards Sent: 22. februar 2004 22:29 To: ros-general@reactos.com Subject: [ros-general] License issue with OpenSSL and ReactOS (GPL)
Hello, I am out of development for a few weeks but I have some ideas about using OpenSSL in ReactOS but we have one minor show stoppper. The OpenSSL license is not compatible with the GPL so any code that links to OpenSSL is going to need to be either LGPL or GPL with a exception for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet, rsabase, cryptoapi) and in our implementation of the security subsystem (lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a issue as nothing is really implemented anyway but in the security subsystem side this may cause a problem because we already have some existing code. Can we license all of ReactOS as GPL and only license those files that directly link to OpenSSL as "GPL+Exception"? The is a problem because OpenSSL uses a BSD style advertising clause that is incompatible with the GPL.
Thanks Steven
According to attorney Lawrence Rosen, whom specializes in technology, dynamic linking of program A with program B does not make program A a derivative work of program B. So if program B is GPL'ed then program A does not need to be GPL compatible. So you could build a DLL from OpenSSL without using GPL'ed code (like the GPL'ed ReactOS headers) and you could use that DLL in your GPL'ed program without imposing restrictions from the GPL on the non-GPL'ed program.
On Mon, Feb 23, 2004 at 12:18:12AM +0100, Casper Hornstrup wrote:
-----Original Message----- From: ros-general-bounces@reactos.com [mailto:ros-general- bounces@reactos.com] On Behalf Of Steven Edwards Sent: 22. februar 2004 22:29 To: ros-general@reactos.com Subject: [ros-general] License issue with OpenSSL and ReactOS (GPL)
Hello, I am out of development for a few weeks but I have some ideas about using OpenSSL in ReactOS but we have one minor show stoppper. The OpenSSL license is not compatible with the GPL so any code that links to OpenSSL is going to need to be either LGPL or GPL with a exception for OpenSSL. We need to use OpenSSL in a few user-space dlls (wininet, rsabase, cryptoapi) and in our implementation of the security subsystem (lsass, ntoskrnl/se, samlib, etc). In the user-space stuff this isnt a issue as nothing is really implemented anyway but in the security subsystem side this may cause a problem because we already have some existing code. Can we license all of ReactOS as GPL and only license those files that directly link to OpenSSL as "GPL+Exception"? The is a problem because OpenSSL uses a BSD style advertising clause that is incompatible with the GPL.
Thanks Steven
According to attorney Lawrence Rosen, whom specializes in technology, dynamic linking of program A with program B does not make program A a derivative work of program B. So if program B is GPL'ed then program A does not need to be GPL compatible. So you could build a DLL from OpenSSL without using GPL'ed code (like the GPL'ed ReactOS headers) and you could use that DLL in your GPL'ed program without imposing restrictions from the GPL on the non-GPL'ed program.
Probably this is true, legally spoken, but in the spirit of the GPL it does. It does according to RMS, so the next version of GPL might very well state something on linking explicitely. I'd think we better stay on the safe site. The GPL never really was a legal document anyway.
Mark
According to attorney Lawrence Rosen, whom specializes in technology, dynamic linking of program A with program B does not make program A a derivative work of program B. So if program B is GPL'ed then program A
does
not need to be GPL compatible. So you could build a DLL from OpenSSL
without
using GPL'ed code (like the GPL'ed ReactOS headers) and you could use
that
DLL in your GPL'ed program without imposing restrictions from the GPL on
the
non-GPL'ed program.
Probably this is true, legally spoken, but in the spirit of the GPL it does. It does according to RMS, so the next version of GPL might very well state something on linking explicitely. I'd think we better stay on the safe site. The GPL never really was a legal document anyway.
Mark
I'm still looking for any information on if the GPL has been challenged in court and if so, what was ruled. Anyone got any information? Until the GPL has been challenged in court, I believe RMS is wrong and he is just trying to scare people of using free software with proprietary software because he screwed up when he wrote the GPL.
Casper
On Mon, 2004-02-23 at 02:47, Casper Hornstrup wrote:
I'm still looking for any information on if the GPL has been challenged in court and if so, what was ruled.
Nothing major that I know of; keep your eyes on the sco case, though.
Anyone got any information? Until the GPL has been challenged in court, I believe RMS is wrong and he is just trying to scare people of using free software with proprietary software because he screwed up when he wrote the GPL.
You have to recognize what RMS's motivation was/is: he wants all software to be Free. It's not surprising that he would craft his license to be extremely restrictive about non-free software, as a way to encourage coders to re-write non-free stuff and release it as Free, instead of just reusing the non-free version. He believes that an advertizing clause is restrictive of Freedom (which it certainly is by his definition), and therefore non-free.
I may not agree with his premise, but he certainly has done a good job executing against his vision. I certainly don't see the GPL as a mistake.
-Vizzini
-
Casper Hornstrup -
KJK::Hyperion -
Mark IJbema -
Steven Edwards -
Vizzini