RFC: OpenSSL vs. GNU GPL (affects security/openvpn)?
Matthias Andree
ma at dt.e-technik.uni-dortmund.de
Tue Apr 29 16:18:00 PDT 2003
Hi,
it has recently been brought to my attention that the OpenVPN package
links against both OpenSSL (which is under a BSD-derived license with
advertising clause) and LZO (which is under the GNU GPL). OpenVPN itself
includes an exception to the GNU GPL allowing linking against OpenSSL.
The OpenVPN developers and Debian packagers (who brought this up first)
haven't yet been able to get special permission or a license change to
link LZO against OpenSSL (they sent a mail to the LZO maintainer in
January), so it seems there are now two options (there is a third one
but I don't consider that viable):
1. declare NOPACKAGE in the Makefile. That way, only the end user
performs the link, but he doesn't redistribute the code, so the
advertising clause doesn't bit the GNU GPL (is that correct?). This
can cause user inconvenience.
2. remove LZO (real-time compression) support from OpenVPN. This can
cause compatibility problems.
(3. Replace OpenSSL with some similar software that has a license
compatible with the GPL. GNUTLS is to become something like this,
but the maturity is unknown.)
How do I go about this now? I tend to use #1. Opinions? Is #1 sufficient
to solve the licensing issue?
--
Matthias Andree
More information about the freebsd-ports
mailing list