Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Licensing: AGPL and OpenSSL #3

Open
lenerd opened this issue May 17, 2018 · 4 comments
Open

Licensing: AGPL and OpenSSL #3

lenerd opened this issue May 17, 2018 · 4 comments

Comments

@lenerd
Copy link
Collaborator

lenerd commented May 17, 2018

Hi,

this project is licensed under GNU AGPL-3.0 and uses MIRACL (APGL) and OpenSSL (OpenSSL License) as dependencies. However, the OpenSSL License is listed as GPL-incompatible. So this is probably an issue.

(I am no expert regarding software licenses.)

@dd23
Copy link
Member

dd23 commented May 17, 2018

Hi,
you are right, this might be an issue.
After some very quick research I found this: https://people.gnome.org/~markmc/openssl-and-the-gpl.html
But we will look into this in more detail soon.

@dd23
Copy link
Member

dd23 commented Aug 22, 2019

This should be almost resolved since eeab357, which changed our License to LGPL and replaced MIRACL with Relic.

One question remains: is OpenSSL compatible (enough) with the LGPL, or do we need to add an exemption for that case?

(I am also no expert regarding software licenses.)

@MartKro
Copy link

MartKro commented Aug 23, 2019

OpenSSL was relicensed under the Apache License 2.0 version some time ago. That license is compatible to be used in (L)GPLv3 projects according to the Apache Software Foundation so this is not an issue if a version is used which used the Apache license and not the old OpenSSL license.

@lenerd
Copy link
Collaborator Author

lenerd commented Sep 4, 2019

The relicensing applies to the currently unreleased version 3.0.0 of OpenSSL (OpenSSL Blog).

According to debian-legal:

I believe that there is no license conflict between the LGPL and the OpenSSL license except as regards relicensing LGPL works under the GPL, per paragraph 3 of the LGPL. If you are concerned with allowing people to incorporate your code into GPLed works, you may wish to add an exemption to the license you're using (after first securing permission from any other copyright holders, of course).

So if we want that other people who want to use our code in GPL software together with OpenSSL, we would need that exemption (if I understood that correctly).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants