Re: TODO: GNU TLS

Hi,

Martijn van Oosterhout wrote:
> Please read the OpenSSL-GPL FAQ. They themselves acknowledge it's a
> problem, but claim they fall under the "operating system exception",
> which is fine for everyone except the distributor of the operating
> system.
>
> http://www.openssl.org/support/faq.html#LEGAL2

Thanks for the link. Unfortunately that FAQ does not say anything about
the advertising clause or how they want it to be interpreted.

> They recommend that if you want to use OpenSSL, use a licence other
> than the GPL.

..which could be seen as a sign that they take their advertising clause
serious. I wonder how much of their code is still copyrighted by authors
refusing to remove that clause...

> Wikipedia also has more information about this.
>
> http://en.wikipedia.org/wiki/OpenSSL

I also found this to be a good description:
http://www.gnome.org/~markmc/openssl-and-the-gpl.html

[ OT: Generally, I feel that the exceptions which are made to the GPL
are very messy and confusing. And again, the exception implicitly states
that the OpesSSL Projects wants you to adhere to the advertising clause. ]

> The original authors have been asked and apparently can't be found or
> don't care. I strongly suggest you read the openssl archives before
> opening this can of worms. Note the authors involved are no longer part
> of OpenSSL, they have another SSL library, so they're probably not
> inclined to be nice.

Sure, I've heard about that and won't open that can of worms ;-)

>> Following that 'better-safe-than-sorry' philosophy, one could ask if
>> PostgreSQL shouldn't better include the acknowledgements of OpenSSL (and
>> MIT Kerberos) in all of their advertising materials...
>
> AIUI all compiled distributions of postgresql using openssl do actually
> include such. For example the Windows Installer.

The OpenSSL license speaks of "all advertising materials mentioning ..
use of this software". IMO, the PostgreSQL website matches that
criterion very well, doesn't it?

AFAICT, that's why so many people avoid advertising clauses like the
plague. (And why it's called 'advertising clause' and not 'compiled
distribution clause'.)

Probably PostgreSQL should ask for an exception... ;-)

> We're in the bizarre situation were both Debian and the OpenSSL groups
> beleive it is a problem, and postgresql does not. Quite odd.

I somehow don't understand how this could *not* be a problem. My
reasoning is that one must not not respect authors wishes (licenses)
very much if one feels this is not a problem.

Regards

Markus