Martijn van Oosterhout <kleptog@xxxxxxxxx> wrote: > Well, it's a Debian problem that possibly applies to Linux distrubutors > in general. Here is a good write up: > > http://www.gnome.org/~markmc/openssl-and-the-gpl.html > > The issue is that while anybody else can take advantage of the > "components usually part of the OS" clause, Debian as a distributor of > both, can't. Thanks Martijn! I've forwarded that URL to the freeradius people. > BTW, here[1] states the issue is that one of the developers you'd have > to convince is Eric Young, who went off to work on a competitor to > OpenSSL. He's unlikely to make it any easier for people to use OpenSSL. > > [1] http://www.winehq.com/hypermail/wine-license/2002/03/0161.html Yup. I've tried to get an email out to him... Tim Hudson also works with RSA and I've sent a comment to his blog and an email to the openssl list, but I can't find any current email address for Eric himself. > Not, sure. The postgresql module is part of the freeradius package. You > could only relicence it if all the writers of code in that module > (including code copied from other modules) agree. I doubt this would be > any less difficult. I think it will be less difficult, only because the instigators of the licensing there are available for comment. :-) I see this continuining to be a problem for the postgresql community given how many GPLed projects use libpq. freeradius might be fixable with a change in their license, but for postgresql to continue to be reasonably usable by GPLed projects, either OpenSSL's license needs to change, or we need to support an alternative secure socket api like GnuTLS. GnuTLS is LGPL, which isn't quite as liberal as postgresql's license, but should still be ubiqutous enough to be worthwhile. Cheers, Tyler