[openssl-dev] The new OpenSSL license should be made GPLv2 compatible

Theodore Ts'o tytso at mit.edu
Sat Mar 25 21:16:25 UTC 2017

On Sat, Mar 25, 2017 at 07:47:23PM +0100, Carlos Alberto Lopez Perez wrote:
> Unfortunately, dynamically linking is not a solution.
> My understanding is that the GPLv2 considers any library used by the
> GPLv2 program (it doesn't make a difference between dynamic or static
> linking) part of the same whole covered work. [1]
> Therefore the respective licenses of each one of this libraries, can't
> impose any further restrictions on the rights granted by the GPLv2 itself.
> And the obligations that the Apache 2.0 license imposes over patent
> related rights, are considered a further restriction in this context.

It's complicated.

It's fair to say that the FSF adopts a copyright maximalist position,
and by their interpretation, the two licenses are incompatible, and it
doesn't matter whether the two pieces of code are linked staticaly,
dynamically, or (according to at least one very extereme apologist)
one calls the other over an RPC call.

Not everyone agrees with their legal analysis.  May I suggest that we
not play amateur lawyer on the mailing list, and try to settle this
here?  Each Linux distribution can make its own decision, which will
be based on its legal advice, the local laws and legal precedents in
which they operate, whether the code is owned by the an extremely
litigious entity, etc.

And indeed, different Linux distributions have already come to
different conclusions with respect to various license compatibility
issues.  (Examples: dynamically linking GPL programs with OpenSSL
libraries under the old license, distributing ZFS modules for Linux,

We don't expect lawyers to debug edge cases in a compiler's code
generation.  Programmers shouldn't try to parse edge cases in the law,
or try to use a soldering iron, unless they have explicit training and
expertise to do so.  :-)

				- Ted

More information about the openssl-dev mailing list