[openssl-dev] License change agreement

Kurt Roeckx kurt at roeckx.be
Fri Mar 24 19:21:58 UTC 2017

On Fri, Mar 24, 2017 at 08:02:25PM +0100, Florian Weimer wrote:
> * Quanah Gibson-Mount:
> > Zero people that I know of are saying to switch to the GPL.  What is
> > being pointed out is that the incompatibility with the current
> > OpenSSL license with the GPLv2 has been a major problem.
> The alleged incompatibility of OpenSSL with the GPLv2 has been used to
> promote GNUTLS in the past (and to a much lesser extent, a certain
> crypto consolidation effort intending to switch everything to NSS).
> But GNUTLS has since left the GNU project, and I'm not aware of anyone
> on the distribution side still saying that the old OpenSSL license
> (particular when used as a dynamically-linked system library) and the
> GPLv2 are incompatible.  It's just not considered a problem anymore.

As far as I know, for Debian it's still a problem that a GPL
application links to openssl.

A few examples:
- We have multiple curl versions, linked to openssl, gnutls, nss.
  And you then have to build against the correct one for license
- QT (which is LGPL?) does not itself link to libssl but can
  dynamically load it so that GPL applications can use QT assuming
  they don't use SSL.
- We have asked upstream projects to add an openssl exception to
  their GPL license.


More information about the openssl-dev mailing list