Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend

From: Dan Williams <dcbw redhat com>
To: Thomas Horsten <thomas horsten com>
Cc: Thomas Horsten <thomas horsten citrix com>, networkmanager-list gnome org
Subject: Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
Date: Fri, 09 Apr 2010 12:11:00 -0700

On Fri, 2010-04-09 at 13:45 +0100, Thomas Horsten wrote:
> On 9 April 2010 00:48, Dan Williams <dcbw redhat com> wrote:
>         On Thu, 2010-04-08 at 19:16 +0100, Thomas Horsten wrote:
>         > For legal compliance and certification reasons it can be
>         useful to use
>         > a specific cryptographic backend in a product with
>         NetworkManager.
>         
>         
>         Unfortunately, it's illegal to combine OpenSSL with GPL code
>         unless the
>         code has specifically added an OpenSSL exception
>         (NetworkManager does
>         not have such an exception).  So while I greatly appreciate
>         the work
>         that you've done, I feel very uneasy about accepting a patch
>         that when
>         enabled, would make distribution of the result illegal :(
> 
> 
> I'm a bit confused about this now - although the COPYING file in the
> libnm-utils is GPLv2, the headers of the source files for the library
> all have LGPL and not GPL, and so it should be fine to link with
> OpenSSL. I'm not sure though, and I don't know the history of
> NetworkManager well enough to see through what's going on here, so any
> clarification would be appreciated.
> 
> 
> If the library is indeed LGPL though, I don't see a problem with
> including the OpenSSL backend.

It's not a problem if libnm-util is never used by a GPL program.  But
the problem comes when you install something that uses libnm-util, and
is GPL.

NetworkManager itself links to libnm-glib and libnm-util, as do other
programs like nm-applet.  Thus, if you have an OpenSSL-enabled
libnm-util on your system, and you install NetworkManager, you cannot
legally run NetworkManager if it is linked to that libnm-util.

Would you mind modifying the patch to include a large warning in
configure.ac that says something like the following when you
"./configure --with-crypto=openssl":

---
WARNING!
Enabling OpenSSL support may cause the combination of libnm-util and GPL
programs to be illegal in your jurisdiction.  Please check with your
lawyer before enabling OpenSSL support.
---

I'll keep checking with some legal-type people for more information.
I'm not necessarily against the patch, but we do need to have some sort
of warning here.

Thanks!
Dan

Follow-Ups:
- Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
  - From: Bastien Nocera

References:
- [PATCH] Add support for OpenSSL's libcrypto as crypto backend
  - From: Thomas Horsten
- Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
  - From: Dan Williams
- Re: [PATCH] Add support for OpenSSL's libcrypto as crypto backend
  - From: Thomas Horsten

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]