(Illustration by Gaich Muramatsu)
Greg Troxel wrote: > Jan Harkes <jaharkes_at_cs.cmu.edu> writes: > > >> On Sat, May 19, 2007 at 04:51:07PM +0200, Enrico Weigelt wrote: >> >>> So should we drop the openssl dependency completely ? >>> >> I think so, the openssl implementation may or may not be faster. The >> md5 and sha1 code is conditionally compiled in coda/lib-src/base. Every >> Coda binary links against the resulting libbase.a. >> > > In general I would favor requiring a crypto library rather than having > included crypto code. But openssl may be problematic - is the license > GPL-compatible? > > A few relevant links: [1] http://www.openssl.org/support/faq.html#LEGAL2 [2] http://www.gnome.org/~markmc/openssl-and-the-gpl.html I've looked at this recently for a different project I've been working on and it is not completely clear. OpenSSL is licensed under an Apache-style or BSD-style open source license which are generally closer to being public domain than the GPL, and can often be included in more restricted code bases by falling under the more restrictive license. However, the OpenSSL license does contain a few clauses about advertising and acknowledgments which impose additional restrictions that directly conflict with the GPL. The debate moves into a gray area when you consider that OpenSSL may be shipped as a GPL-incompatible library with an operating system, which the GPL specifically allows exemptions for linking against. The most common way to get around this is to distribute your code under the GPL with an OpenSSL exemption clause. From what I can tell, OpenSSL's FAQ [1] seems to suggest Coda's current licensing is fine for most of the operating systems on which it is linked, Windows beta aside. AdamReceived on 2007-05-21 18:37:19