[openssl-dev] License change agreement

Dirk-Willem van Gulik dirkx at webweaving.org
Fri Mar 24 16:00:11 UTC 2017


> On 24 Mar 2017, at 16:14, Quanah Gibson-Mount <quanah at symas.com> wrote:
> 
> --On Friday, March 24, 2017 2:17 PM +0000 "Salz, Rich" <rsalz at akamai.com> wrote:
> 
>>> As was noted back when this was brought up in 2015, there are other,
>>> better, licenses than the APLv2 which are also GPLv2 compatible.  The
>>> MPLv2 being an example of such a license.  There is also BSD, MIT/X11,
>>> etc.  The GPLv2 incompatibility of OpenSSL is a major problem.
>> 
>> Better in one dimension, not in the multiple dimensions that we are
>> concerned about.  For example, one of the major things that is an issue
>> for GPLv2 is the patent protection.  Patent protection is important to
>> us.  At least now we're compatible with GPL3, which is hopefully seen as
>> a major step forward.
>> 
>> Yes, it is too bad we can't please all communities right now.
> 
> Yes, you brought patent protection in 2015, and in 2015, I pointed out that the MPLv2 also has patent protections, but here's a refresher:
> 
> <http://en.swpat.org/wiki/Patent_clauses_in_software_licences#Apache_License_2.0>
> <http://en.swpat.org/wiki/MPL_and_patents>
> 
> The MPLv2 of course has the advantage of being compatible with both the GPLv2 and the GPLv3, etc.  I.e., it has much broader compatibility than the APLv2.
> 
> In 2 years time, I've yet to see one valid argument to using the APLv2 vs the MPLv2 originate from the OpenSSL team.

The two licenses are not identical. 

Specifically the MPL goes one step further with respect to the disclosure of the source code* -- The ASL stops just before that - and is more akin to the MIT and BSD licenses.

From personal experience - and given how OpenSSL is commonly used as one of many small components in a larger work - that does make (my) live in the real world a lot easer.

Dw.

*: (though not as far as the Free software licences; it limits it to the code under the MPL itself).


More information about the openssl-dev mailing list