Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=467237 --- Comment #11 from Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> 2009-05-11 18:07:50 EDT --- The two original licenses in the file are the original dual licensing of openssl: http://www.openssl.org/source/license.html Upstream then copied the file into their source and added their own license statement to it, which is Apache 2. I agree this addition is a bit questionable. If this file would instead have been installed as part of the openssl package then this package would be Apache-2 like all the other globus packages. Also, if the "relicensing" done by upstream is OK, then we can say this file is Apache 2, and then the package would be Apache 2 as well. However, if this is not the case the library is a unit compiled from some sources having Apache 2 license and other sources (one file) having openssl license. These two licenses are compatible with each other, but neither of them "wins" the way GPL always does. In this case the License tag should be "ASL 2.0 and OpenSSL". This might in fact be the right thing to do. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review