Re: [Improved patch!] Was: Re: [Evolution-hackers] [PATCH] Fix OpenSSL certificate validation in Evolution (1.4.4 and 1.4.6)

[Not Zed <notzed ximian com>]

I don't want to prolong this overly, and i'm sorry if everyone on the CC list is already over-done on this, but I might add the argument is more legal than technical (at least by now, i presume it works better than it did).  I'd forgotten about all the details.

OpenSSL's license includes additional restrictions that make it incompatible with the GPL.  In much the same way the new xfree86 license is.  i.e. the 'bsd advertising clause', and other restrictions.

I know distributions use the 'system software' argument to claim they are ok, but this doesn't actually seem to be the problem with openssl's license.  I suspect anyone distributing copies of evolution with openssl linked in are either violating evolution's gpl v2 license, or openssl's license or both.  This doesn't affect individuals or organisations who compile it themselves for internal use (at least from the gpl side).

e.g.
http://lists.debian.org/debian-legal/2002/05/msg00118.html
and more recently another gpl'd project:
http://www.ethereal.com/lists/ethereal-dev/200406/msg00052.html

We're not interested in changing evolution's license to suit, we have a perfectly usable alternative which we're using instead and don't need to have to worry about saying 'uses libfoo' everywhere.

> I know at least some of you Ximian Developers don't like OpenSSL, but
> other people, in particular distributions like it, and you will find
> that distros always compile evolution with openssl support, like it or
> not.  It also happens to work beautifully with my patch so why not
> include it?  If you don't use openssl fine, but at least allow everyone
> else to use it without having to apply a patch first...  Thank you.

--

Michael Zucchi <notzed ximian com> "born to die, live to work, it's all downhill from here" Novell's Evolution and Free Software Developer