Re: TODO: GNU TLS - Mailing list pgsql-hackers

From Markus Schiltknecht
Subject Re: TODO: GNU TLS
Date
Msg-id 4597E09D.8050305@bluegap.ch
Whole thread Raw
In response to Re: TODO: GNU TLS  (Martijn van Oosterhout <kleptog@svana.org>)
List pgsql-hackers
Hi,

Martijn van Oosterhout wrote:
> Please read the OpenSSL-GPL FAQ. They themselves acknowledge it's a
> problem, but claim they fall under the "operating system exception",
> which is fine for everyone except the distributor of the operating
> system.
> 
> http://www.openssl.org/support/faq.html#LEGAL2

Thanks for the link. Unfortunately that FAQ does not say anything about 
the advertising clause or how they want it to be interpreted.

> They recommend that if you want to use OpenSSL, use a licence other
> than the GPL.

..which could be seen as a sign that they take their advertising clause 
serious. I wonder how much of their code is still copyrighted by authors 
refusing to remove that clause...

> Wikipedia also has more information about this.
> 
> http://en.wikipedia.org/wiki/OpenSSL

I also found this to be a good description:
http://www.gnome.org/~markmc/openssl-and-the-gpl.html

[ OT: Generally, I feel that the exceptions which are made to the GPL 
are very messy and confusing. And again, the exception implicitly states 
that the OpesSSL Projects wants you to adhere to the advertising clause. ]

> The original authors have been asked and apparently can't be found or
> don't care. I strongly suggest you read the openssl archives before
> opening this can of worms. Note the authors involved are no longer part
> of OpenSSL, they have another SSL library, so they're probably not
> inclined to be nice.

Sure, I've heard about that and won't open that can of worms ;-)

>> Following that 'better-safe-than-sorry' philosophy, one could ask if 
>> PostgreSQL shouldn't better include the acknowledgements of OpenSSL (and 
>> MIT Kerberos) in all of their advertising materials...
> 
> AIUI all compiled distributions of postgresql using openssl do actually
> include such. For example the Windows Installer.

The OpenSSL license speaks of "all advertising materials mentioning .. 
use of this software". IMO, the PostgreSQL website matches that 
criterion very well, doesn't it?

AFAICT, that's why so many people avoid advertising clauses like the 
plague. (And why it's called 'advertising clause' and not 'compiled 
distribution clause'.)

Probably PostgreSQL should ask for an exception... ;-)

> We're in the bizarre situation were both Debian and the OpenSSL groups
> beleive it is a problem, and postgresql does not. Quite odd.

I somehow don't understand how this could *not* be a problem. My 
reasoning is that one must not not respect authors wishes (licenses) 
very much if one feels this is not a problem.

Regards

Markus



pgsql-hackers by date:

Previous
From: "Joshua D. Drake"
Date:
Subject: Re: TODO: GNU TLS
Next
From: Stefan Kaltenbrunner
Date:
Subject: Re: Recent SIGSEGV failures in buildfarm HEAD