Re: Will OpenSSL's license change impact us?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Mar 25, 2017 at 5:57 PM, demerphq <demerphq@xxxxxxxxx> wrote:
> On 25 March 2017 at 17:35, Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> wrote:
>> On Sat, Mar 25, 2017 at 10:43 AM, demerphq <demerphq@xxxxxxxxx> wrote:
>>>
>>>
>>> On 25 Mar 2017 10:18 a.m., "Ævar Arnfjörð Bjarmason" <avarab@xxxxxxxxx>
>>> wrote:
>>>
>>> On Sat, Mar 25, 2017 at 9:40 AM, demerphq <demerphq@xxxxxxxxx> wrote:
>>>> On 25 March 2017 at 00:51, Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx>
>>>> wrote:
>>>>> They're changing their license[1] to Apache 2 which unlike the current
>>>>> fuzzy compatibility with the current license[2] is explicitly
>>>>> incompatible with GPLv2[3].
>>>>
>>>> Are you sure there is an issue? From the Apache page on this:
>>>>
>>>> Apache 2 software can therefore be included in GPLv3 projects, because
>>>> the GPLv3 license accepts our software into GPLv3 works. However,
>>>> GPLv3 software cannot be included in Apache projects. The licenses are
>>>> incompatible in one direction only, and it is a result of ASF's
>>>> licensing philosophy and the GPLv3 authors' interpretation of
>>>> copyright law.
>>>>
>>>> Which seems to be the opposite of the concern you are expressing.
>>>
>>> The Apache 2 license is indeed compatible with the GPLv3, but the Git
>>> project explicitly uses GPLv2 with no "or later" clause
>>>
>>>
>>> Read the paragraph immediately (I think) after the one I quoted where they
>>> state the situation is the same with GPL v2.
>>
>> My understanding of that paragraph is that it's still laying out
>> caveats about exactly how GPLv3 is compatible with Apache 2, when it
>> is, when it isn't etc. But then it goes on to say:
>>
>> """
>> Despite our best efforts, the FSF has never considered the Apache
>> License to be compatible with GPL version 2, citing the patent
>> termination and indemnification provisions as restrictions not present
>> in the older GPL license. The Apache Software Foundation believes that
>> you should always try to obey the constraints expressed by the
>> copyright holder when redistributing their work.
>> """
>>
>> So they're just deferring to the FSF saying it's incompatible, the
>> FSF's statement:
>> https://www.gnu.org/licenses/license-list.html#apache2 "this license
>> is not compatible with GPL version 2".
>>
>> Anyway, I'm not a lawyer. Just thought I'd send some E-Mail about this
>> since I noticed it, if it's an issue (and we could e.g. get the SFC to
>> comment, Jeff?) we might need to add e.g. some checks / macros to
>> ensure we're not compiling against an incompatible OpenSSL.
>
> Just for the record this what Apache says, with the part I was
> referring to earlier in slash style italics, and a couple of a key
> points in star style bold:
>
> ----quote----
> Apache 2 software *can therefore be included in GPLv3 projects*,
> because the GPLv3 license accepts our software into GPLv3 works.
> However, GPLv3 software cannot be included in Apache projects. *The
> licenses are incompatible in one direction only*, and it is a result
> of ASF's licensing philosophy and the GPLv3 authors' interpretation of
> copyright law.
>
> This licensing incompatibility applies only when some Apache project
> software becomes a derivative work of some GPLv3 software, because
> then the Apache software would have to be distributed under GPLv3.
> This would be incompatible with ASF's requirement that all Apache
> software must be distributed under the Apache License 2.0.
>
> We avoid GPLv3 software because merely linking to it is considered by
> the GPLv3 authors to create a derivative work. We want to honor their
> license. Unless GPLv3 licensors relax this interpretation of their own
> license regarding linking, our licensing philosophies are
> fundamentally incompatible. /This is an identical issue for both GPLv2
> and GPLv3./
> ----quote----
>
> I read that as saying that you can use Apache 2 code in GPL projects,
> but you can't use GPL code in Apache projects. Which makes sense as
> Apache 2 is more liberal than GPL.

In GPLv3 projects only, not GPLv2 projects. The paragraphs you're
quoting all explicitly mention v3 only, so statements like
"incompatible in one direction" only apply to Apache 2 && GPLv3, but
don't at all apply to GPLv2, which is what we're using.




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]