Date: Wed, 30 Apr 2003 01:17:53 +0200 From: Matthias Andree <ma@dt.e-technik.uni-dortmund.de> To: freebsd-ports@freebsd.org Subject: RFC: OpenSSL vs. GNU GPL (affects security/openvpn)? Message-ID: <m3wuhcj3ku.fsf@merlin.emma.line.org>
next in thread | raw e-mail | index | archive | help
Hi, it has recently been brought to my attention that the OpenVPN package links against both OpenSSL (which is under a BSD-derived license with advertising clause) and LZO (which is under the GNU GPL). OpenVPN itself includes an exception to the GNU GPL allowing linking against OpenSSL. The OpenVPN developers and Debian packagers (who brought this up first) haven't yet been able to get special permission or a license change to link LZO against OpenSSL (they sent a mail to the LZO maintainer in January), so it seems there are now two options (there is a third one but I don't consider that viable): 1. declare NOPACKAGE in the Makefile. That way, only the end user performs the link, but he doesn't redistribute the code, so the advertising clause doesn't bit the GNU GPL (is that correct?). This can cause user inconvenience. 2. remove LZO (real-time compression) support from OpenVPN. This can cause compatibility problems. (3. Replace OpenSSL with some similar software that has a license compatible with the GPL. GNUTLS is to become something like this, but the maturity is unknown.) How do I go about this now? I tend to use #1. Opinions? Is #1 sufficient to solve the licensing issue? -- Matthias Andree
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m3wuhcj3ku.fsf>