LibreSSL languishes on Linux

Posted Jan 5, 2021 0:12 UTC (Tue) by Sesse (subscriber, #53779)
In reply to: LibreSSL languishes on Linux by josh
Parent article: LibreSSL languishes on Linux

It is also deeply unfortunate that they chose a license whose GPL compatibility is controversial. You'll find half the lawyers saying GPLv2 and Apache 2 are obviously compatible, and half of them saying they're obviously not. Given that half the point of the license switch was to get out of the GPLv2-licensing-exception mess, I'm not sure you could have made a worse choice among the larger licenses.


LibreSSL languishes on Linux

Posted Jan 5, 2021 3:12 UTC (Tue) by josh (subscriber, #17465) [Link] (3 responses)

It's compatible with GPLv3, which makes it compatible with "GPLv2 or later", so that solves the vast majority of compatibility issues.

LibreSSL languishes on Linux

Posted Jan 5, 2021 6:31 UTC (Tue) by krijgdenergstenkanker (guest, #125984) [Link] (2 responses)

That's an inversion of how licence compatibility works.
For a licence x to be compatible with GPLv2/3, it must be compatible with both v2 and v3.
Since v2+ is a potentially infinite list of licences, no licence is compatible with it except a subset of itself.

LibreSSL languishes on Linux

Posted Jan 5, 2021 6:47 UTC (Tue) by dvdeug (subscriber, #10998) [Link] (1 responses)

If a work is GPL v2 or any later version, then you may take it as any particular version. If you're linking it with some other piece of software that is only compatible with v3, then the work is effectively GPL v3. It can be limiting, since the work is effectively no longer GPL v2 unless you don't link it with SSL, but it is legit.

LibreSSL languishes on Linux

Posted Jan 5, 2021 23:35 UTC (Tue) by pm215 (subscriber, #98099) [Link]

Some code is GPL-v2-only, though, and in that case you can't use the 'treat as v3' trick that you can with GPL-v2-or-any-later-version licensed code.

LibreSSL languishes on Linux

Posted Jan 5, 2021 4:18 UTC (Tue) by pabs (subscriber, #43278) [Link] (2 responses)

Do people pay attention to GPL compatibility for OpenSSL? Fedora declared it a "system library" in order to ignore the incompatibility and Debian is now doing that too.

https://lists.debian.org/debian-devel/2020/10/msg00165.html
https://lists.debian.org/debian-devel/2020/10/msg00168.html

LibreSSL languishes on Linux

Posted Jan 5, 2021 7:41 UTC (Tue) by edomaur (subscriber, #14520) [Link] (1 responses)

Well, OpenSSL *is* a system library. It would be strange if it wasn't the case with its somewhat central status in connection security.

LibreSSL languishes on Linux

Posted Jan 5, 2021 7:44 UTC (Tue) by pabs (subscriber, #43278) [Link]

The system library exception isn't meant to be used in the way that Linux distros are using it; even one of Red Hat's lawyers called Fedora's use of it "obviously bogus":

https://lists.debian.org/debian-devel/2020/10/msg00168.html

LibreSSL languishes on Linux

Posted Jan 5, 2021 7:10 UTC (Tue) by epa (subscriber, #39769) [Link] (1 responses)

I have some sympathy for the OpenBSD developers, who when the Apache 2 licence was first announced, decided it was too complicated to understand (among other problems) and they wouldn't allow it.

LibreSSL languishes on Linux

Posted Jan 5, 2021 9:49 UTC (Tue) by joib (subscriber, #8541) [Link]

Sympathy, yes, but.. It's not THAT complicated. While there are more words than in a permissive BSD/MIT style license, it also uses those words to clarify what exactly the license conditions mean. AFAICS many organizations large and small with presumably competent legal advice have chosen Apache 2.0 as the go-to permissive license, suggesting that there's no hidden mine lurking in the text.

LibreSSL languishes on Linux

Posted Jan 5, 2021 8:58 UTC (Tue) by joib (subscriber, #8541) [Link]

Too bad they didn't pick up the "LLVM exception" to the Apache 2.0 license, which was made to deal with the GPL2 compatibility issue (though the LLVM exception is relatively recent, maybe it didn't exist or they weren't aware of it at the time). See e.g. https://spdx.org/licenses/LLVM-exception.html . Used by at least LLVM and CUPS.

LibreSSL languishes on Linux

Posted Jan 5, 2021 15:15 UTC (Tue) by paravoid (subscriber, #32869) [Link]

Indeed… I left a comment to that effect in their original 2017 announcement, but sadly it received no response: https://www.openssl.org/blog/blog/2017/03/22/license/

