Re: Will OpenSSL's license change impact us?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Mar 25, 2017 at 10:43 AM, demerphq <demerphq@xxxxxxxxx> wrote:
>
>
> On 25 Mar 2017 10:18 a.m., "Ævar Arnfjörð Bjarmason" <avarab@xxxxxxxxx>
> wrote:
>
> On Sat, Mar 25, 2017 at 9:40 AM, demerphq <demerphq@xxxxxxxxx> wrote:
>> On 25 March 2017 at 00:51, Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
>> wrote:
>>> They're changing their license[1] to Apache 2 which unlike the current
>>> fuzzy compatibility with the current license[2] is explicitly
>>> incompatible with GPLv2[3].
>>
>> Are you sure there is an issue? From the Apache page on this:
>>
>> Apache 2 software can therefore be included in GPLv3 projects, because
>> the GPLv3 license accepts our software into GPLv3 works. However,
>> GPLv3 software cannot be included in Apache projects. The licenses are
>> incompatible in one direction only, and it is a result of ASF's
>> licensing philosophy and the GPLv3 authors' interpretation of
>> copyright law.
>>
>> Which seems to be the opposite of the concern you are expressing.
>
> The Apache 2 license is indeed compatible with the GPLv3, but the Git
> project explicitly uses GPLv2 with no "or later" clause
>
>
> Read the paragraph immediately (I think) after the one I quoted where they
> state the situation is the same with GPL v2.

My understanding of that paragraph is that it's still laying out
caveats about exactly how GPLv3 is compatible with Apache 2, when it
is, when it isn't etc. But then it goes on to say:

"""
Despite our best efforts, the FSF has never considered the Apache
License to be compatible with GPL version 2, citing the patent
termination and indemnification provisions as restrictions not present
in the older GPL license. The Apache Software Foundation believes that
you should always try to obey the constraints expressed by the
copyright holder when redistributing their work.
"""

So they're just deferring to the FSF saying it's incompatible, the
FSF's statement:
https://www.gnu.org/licenses/license-list.html#apache2 "this license
is not compatible with GPL version 2".

Anyway, I'm not a lawyer. Just thought I'd send some E-Mail about this
since I noticed it, if it's an issue (and we could e.g. get the SFC to
comment, Jeff?) we might need to add e.g. some checks / macros to
ensure we're not compiling against an incompatible OpenSSL.

>
> $ head -n 18 COPYING
>
>  Note that the only valid version of the GPL as far as this project
>  is concerned is _this_ particular version of the license (ie v2, not
>  v2.2 or v3.x or whatever), unless explicitly otherwise stated.
>
>  HOWEVER, in order to allow a migration to GPLv3 if that seems like
>  a good idea, I also ask that people involved with the project make
>  their preferences known. In particular, if you trust me to make that
>  decision, you might note so in your copyright message, ie something
>  like
>
>         This file is licensed under the GPL v2, or a later version
>         at the discretion of Linus.
>
>   might avoid issues. But we can also just decide to synchronize and
>   contact all copyright holders on record if/when the occasion arises.
>
>                         Linus Torvalds
>
>




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]