[openssl-dev] We're working on license changes

Kurt Roeckx kurt at roeckx.be
Sat Nov 21 22:39:39 UTC 2015 

On Sat, Nov 21, 2015 at 10:09:51PM +0000, Ben Laurie wrote:
> On Sat, 21 Nov 2015 at 21:14 Kurt Roeckx <kurt at roeckx.be> wrote:
> 
> > On Sat, Nov 21, 2015 at 12:02:22PM -0800, Quanah Gibson-Mount wrote:
> > > --On Saturday, November 21, 2015 8:24 PM +0100 Kurt Roeckx <
> > kurt at roeckx.be>
> > > wrote:
> > > >>So the MPLv2 is compatible with the APLv2.  The MPLv2 is compatible
> > with
> > > >>the GPLv2 and the APLv2 is copmatible with GPLv3.  The MPLv2 has patent
> > > >>language along the same lines as the APLv2.  I haven't looked into it
> > > >>and I am not a lawyer, but would it be possible to dual license via the
> > > >>MPLv2 and the APLv2?  If so, that would keep the patent protections and
> > > >>allow both GPLv2 and GPLv3 compatibility.
> > > >
> > > >I think the answer to that is complicated.  The safest way to look
> > > >at this, at what most people seem to be doing, is that if it all
> > > >ends up in 1 "program", all licenses must be complied with at the
> > > >same time and so must be compatible.
> > >
> > > That's an interesting take I've not encountered.  Our legal office has us
> > > elect specifically which license we will be using when pulling in
> > software
> > > with multiple licenses.
> >
> > I think there was a misunderstanding of what I was trying to say.
> > If you have software A with license B or C, and software D makes
> > use of that with license E or F.  If that in turn makes use of G
> > with license H or I, you will need to find a combination of
> > (B || C) && (E || F) && (H || I) where you have 3 license that are
> > compatible, not just 2 from (B || C) && (E || F), and then 2 from
> > (E || F) && (H || I).
> >
> 
> Well, now you put it that way, I have to disagree.
> 
> Let's say:
> 
>  A and D are compatible because B and E are.
> D and G are compatible because F and H are.
> G and A are compatible because I and C are.
> 
> Who has been harmed here?

Some people will argue that A is then covered by both B and C at
the same time and you need to comply with both, it's no longer an
option to use either B or C.  The same goes for D being both E
and F, and G being both H and I.

If you drop the last line, because there is no direct link between
A and G, you end up with just B, E, F and H you need to comply
with at the same time.  But some will argue that that is not good
enough because they're all linked together.


Kurt

More information about the openssl-dev mailing list