From: Mark H Weaver <mhw@netris.org>
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH] Libressl
Date: Mon, 15 Jun 2015 17:16:06 -0400 [thread overview]
Message-ID: <87k2v4hdux.fsf@netris.org> (raw)
In-Reply-To: <20150615203014.GB5980@debian> (Andreas Enge's message of "Mon, 15 Jun 2015 22:30:14 +0200")
Andreas Enge <andreas@enge.fr> writes:
> On Mon, Jun 15, 2015 at 04:15:40PM -0400, Mark H Weaver wrote:
>> The COPYING file says that the OpenSSL code is under the OpenSSL license
>> and the new contributions are under ISC or public domain, so how about
>> this instead?
>> (license (list license:openssl
>> license:isc)))))
>
> I read the file, but did not realise it corresponded to a license we already
> have. Anyway, the claim seems to be wrong.
>
> For instance, ssl/bio_ssl.c starts with this:
The license you pasted is the original SSLeay License, whereas
<https://www.gnu.org/licenses/license-list.html#OpenSSL> says:
The license of OpenSSL is a conjunction of two licenses, one of them
being the license of SSLeay. You must follow both. [...]
However, I see now that this is a bit confusing, and we made a mistake
in our 'license' field of our OpenSSL package. My casual reading of the
above text led me believe that the "OpenSSL License" is itself a
conjunction of the two licenses, but I see that
<http://directory.fsf.org/wiki/License:OpenSSL> does not include the
SSLeay license.
So, I think we should add 'ssleay' to (guix licenses) and then add it to
the license field of 'openssl' along with a comment explaining that the
requirements of both (all?) licenses must be followed.
> Then, tls/strsep.c starts like this:
>
> /*-
> * Copyright (c) 1990, 1993
> * The Regents of the University of California. All rights reserved.
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
> * are met:
> * 1. Redistributions of source code must retain the above copyright
> * notice, this list of conditions and the following disclaimer.
> * 2. Redistributions in binary form must reproduce the above copyright
> * notice, this list of conditions and the following disclaimer in the
> * documentation and/or other materials provided with the distribution.
> * 3. Neither the name of the University nor the names of its contributors
> * may be used to endorse or promote products derived from this software
> * without specific prior written permission.
> *
> * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
> * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
> * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> * SUCH DAMAGE.
> */
>
> This is BSD-3 in which "the author" has been replaced by "the University"
> or "THE REGENTS AND CONTRIBUTORS".
Good catch! This is another omission from the license field of our
'openssl' package. The Debian packagers missed this one as well.
However, these omissions are not remedied by citing "file://COPYING",
since that file has the same omissions and does not even include the
text of the ISC license.
So, in summary, I think the 'openssl' license field should be changed to
something like this:
(license (list license:openssl
license:ssleay
(license:non-copyleft
"file://tls/strsep.c"
"Slightly modified BSD-3. See tls/strsep.c in the source distribution")))))
and 'libressl' should be the same but with 'license:isc' added as well.
What do you think?
> Admittedly, I did not check all the source files.
If you find any more, they should be added to the appropriate license
fields.
Thanks for your vigilance!
Mark
next prev parent reply other threads:[~2015-06-15 21:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 19:11 [PATCH] Libressl Andreas Enge
2015-06-15 20:15 ` Mark H Weaver
2015-06-15 20:30 ` Andreas Enge
2015-06-15 21:16 ` Mark H Weaver [this message]
2015-07-03 20:26 ` Andreas Enge
2015-06-16 9:56 ` Ludovic Courtès
2015-07-03 19:57 ` Andreas Enge
2015-07-05 15:17 ` Andreas Enge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k2v4hdux.fsf@netris.org \
--to=mhw@netris.org \
--cc=andreas@enge.fr \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).