Re: TODO: GNU TLS

From: mark(at)mark(dot)mielke(dot)cc
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: TODO: GNU TLS
Date: 2006-12-28 20:29:48
Message-ID: 20061228202948.GA1439@mark.mielke.cc
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Dec 28, 2006 at 10:13:14AM -0800, Joshua D. Drake wrote:
> On Thu, 2006-12-28 at 13:01 -0500, Stephen Frost wrote:
> > * Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
> > > What is the consideration here? I read the thread and it appears that
> > > OpenSSL is not compatible with GPL? But we don't care about that right?
> > > The OpenSSL looks pretty BSDish to me, expect the advertising clause (is
> > > that what caused XFree86.org to fork?).
> > OpenSSL isn't compatible with the GPL.

With few exceptions, you cannot derive or include GPL software in your
non-GPL software. The GPL works very hard to maintain this position to
"protect" the freedom of the user.

The GPL cannot control how OpenSSL is distributed, though. The OpenSSL
license controls this. I don't see any place in the (short and sweet!)
OpenSSL license that prevents it from being using in GPL software. Are
you reading some particular point in the OpenSSL license that I am not?
PostgreSQL isn't GPL software anyways, and there is certainly nothing
in the OpenSSL license preventing it from being used in PostgreSQL.

If the argument is that the 'whole derived product' must fit the
outter most provided license, then I think you should consider that
PostgreSQL should not include *ANY* GPL software, as any user of
PostgreSQL cannot be guaranteed of the generous freedoms provided by
the PostgreSQL license. Some components are covered by GPL, which is
restrictive compared to PostgreSQL.

Down this path is the impractical, and silly conclusion that all
software must be licensed under the exact same license to be
distributed. An all GPL distribution, for example. While those with a
political agenda such as Richard Stallman would cheer at this result,
those people do not have the power to force this will on us.

The Free Software Foundation provides an LGPL that has fewer restrictions
than GPL, out of recognition that their political goals are not practical
for all uses. LGPL software may be linked with GPL software without
invalidating the GPL rights of the user. GPL applies to the GPL part,
and LGPL applies to the LGPL part. All is well in the world.

In conclusion - I'll restate. The only license that can restrict the
distribution of OpenSSL, is the OpenSSL license. The GPL is not relevant
in determining where OpenSSL may be distributed to.

Anybody who believes OpenSSL is a problem, must be aware of some
software distribution for which the OpenSSL licensing terms are
unreasonable. I'm not sure who that would be. They ask for
attribution. They ask that their name not be used to promote another
product. They ask that their name not be used in the name of another
product. All of these terms seem fair to me.

> The original discussion stated that well placed attorneys in the market
> feel that the FSF is trying to reach beyond the hands of god on this one
> and that we don't need to worry about it (my words, for actual quote
> read thread ;)).

I agree with Tom - if they really want people to use GNUTLS, why did
they make it have such a different interface?

I recently had to choose between the two for a product at work, and
GNUTLS seemed to fall short in several areas. It was a race between
GNUTLS seeming to having superior documentation vs OpenSSL seeming to
have superior functionality. For my rather complicated requirements,
OpenSSL won out (function is more important than documentation), and
the product using it is about 90% complete. It includes such ugliness
as OpenSSL/C code that needs to load the encrypted private key and
client/server x509 certificates from a Java Keystore (JKS)... Total
fun... :-)

Cheers,
mark

--
mark(at)mielke(dot)cc / markm(at)ncf(dot)ca / markm(at)nortel(dot)com __________________________
. . _ ._ . . .__ . . ._. .__ . . . .__ | Neighbourhood Coder
|\/| |_| |_| |/ |_ |\/| | |_ | |/ |_ |
| | | | | \ | \ |__ . | | .|. |__ |__ | \ |__ | Ottawa, Ontario, Canada

One ring to rule them all, one ring to find them, one ring to bring them all
and in the darkness bind them...

http://mark.mielke.cc/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2006-12-28 20:33:52 Re: [BUGS] BUG #2846: inconsistent and confusing
Previous Message Stephen Frost 2006-12-28 19:48:56 Re: TODO: GNU TLS