Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Sep 2012 16:53:58 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: OpenSSL vs. GPL

On 2012-09-29 04:16, Milen Rangelov wrote:
> OpenSSL falls in the same category with its advertising clause.

Good that you mentioned OpenSSL because it's the next item in the list:-(

It's well-known that OpenSSL license is GPL-incompatible. So using it in
john is problematic. It's not that bad though. GPL have an exception
which is applicable here (from GPLv2):

| However, as a special exception, the source code distributed need not
| include anything that is normally distributed (in either source or
| binary form) with the major components (compiler, kernel, and so on)
| of the operating system on which the executable runs, unless that
| component itself accompanies the executable.

But note the last part of the exception ("unless...").

I see the situation as follows:
- source distribution is ok;
- binary distribution is ok if binaries link to openssl dynamically and
the bundle doesn't include the library;
- binaries statically linked with openssl are not ok and should be
removed from wiki and elsewhere;
- inclusion of jumbo in Linux distributions (Mageia?) is not ok.

A long-term solution is IMHO to support other crypto libraries (starting
with gnutls through gnutls-openssl compatibility layer).

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.