Sebastian Andrzej Siewior <[email protected]> writes: > Yes and my understanding is that every GPLv2 software, that links > against openssl, needs such an addon.
The alternative being that the resulting work is not legally redistributable (because the terms of both GPLv2 and the OpenSSL license cannot be simultaneously satisfied). So yes, the only way such a work can be distributed conforming to both those sets of conditions if the grant of license gives *more* permissions (such as one you state), at which it's not merely GPL any more. > The wording (of the addon) was drafted on debian-legal a few years > back. Can you give citations to what you're referring to? there have been many such discussions so it would help if we're both talking about the same thing. > So this is true for series 1.1.1 and earlier. The master branch will be > released as 3.0 and some point. So we have some time to clarify this > :) Ah, so this is not a change that has happened yet. Good, thank you for bringing it to our attention so we can discuss it :-) > Please see > https://www.openssl.org/blog/blog/2018/11/28/version/ The part of that article salient for this discussion seems to be: OpenSSL version 3.0.0 will be the first version that we release under the Apache License 2.0. We will not be applying the Apache License to earlier releases of OpenSSL. That doesn't specify the grant of license so it's unclear what the total set of conditions will be. > https://github.com/openssl/openssl/blob/master/LICENSE That is a nearly-verbatim copy of the Apache License 2.0 with no legally substantive changes (only the URL in the header changed to an HTTPS). Merely dropping a copy of the license document doesn't tell use exactly what is the grant of license, as many works (including OpenSSL itself, and as you point out a lot of works that link to OpenSSL) have a complex grant of license that incorporates some combination of conditions. It is not enough to assume that a license document implies the entire grant of license. So we will need to see what exact text is the grant of license (the text saying something like "This is OpenSSL, Copyright © 2018 Foo Bar. You are hereby granted freedom to do X, Y, Z under these explicit specific conditions"). Is the grant of license somewhere in the Git repository to be examined? -- \ “… correct code is great, code that crashes could use | `\ improvement, but incorrect code that doesn’t crash is a | _o__) horrible nightmare.” —Chris Smith, 2008-08-22 | Ben Finney
