[openssl-dev] The new OpenSSL license should be made GPLv2 compatible

James Bottomley James.Bottomley at HansenPartnership.com
Sat Mar 25 23:55:48 UTC 2017

On Sat, 2017-03-25 at 21:48 +0100, Florian Weimer wrote:
> * James Bottomley:
> > On Sat, 2017-03-25 at 16:10 +0000, Salz, Rich via openssl-dev
> > wrote:
> > >  
> > > > Please, in the final OpenSSL license text add the paragraph 
> > > > linked in the above LLVM mailing list as an exception to the 
> > > > Apache license.
> > > > 
> > > > We should make sure using OpenSSL in GPLv2-only projects its 
> > > > possible without any trouble or concern for developers.
> > > 
> > > The problem is that if it is distributed under the GPLv2 there is 
> > > no patent protection, and that is important to us.
> > 
> > I've already told you once that this is a factually incorrect 
> > statement because (L)GPLv2 contains an implicit patent licence:
> I think the fact that Richard rejects dual licensing indicates that
> it's not the lack of a licence that concerns him, but something else.
> He calls it “patent protection”; I assume he refers to the weak
> mutually assured destruction clause in the Apache license (the “If 
> You institute patent litigation against any entity” part).

Oh, OK ... and Rich confirms that below.  So I agree, GPLv2 doesn't
have a patent retaliation clause.

> I don't think the GPL, version 2, contains anything remote close to
> *that*, implied or otherwise.

No; the closest is clause 7 which basically shuts down distribution for
everyone in the event of a successful patent assertion.  You could also
characterise that as a mutually assured destruction clause.

However both of these only work if the asserting entity needs the
rights that are blocked.  Unfortunately the most problematic assertions
nowadays are done by troll entities who don't need any rights from us.


More information about the openssl-dev mailing list