[U-Boot] u-boot Licensing exception with OpenSSL

Tom Rini trini at konsulko.com
Mon Dec 4 20:45:12 UTC 2017 

On Sat, Nov 25, 2017 at 12:50:47PM -0800, Vagrant Cascadian wrote:

> There are a few targets (clearfog, turris_omnia) and features (signing
> in mkimage) in the Debian build of u-boot that have been avoided due to
> lack of clarity on Licensing issues regarding GPL and OpenSSL
> compatibility issues.
> 
> A reasonable description of the issue GPL linking against OpenSSL issue:
> 
>   https://people.gnome.org/~markmc/openssl-and-the-gpl.html
> 
> 
> It seems like Licenses/Exceptions might be attempting to address this
> issue, but it is not absolutely clear that this applies to linking
> against OpenSSL:
> 
> GPL License Exception:
> 
>   Even though U-Boot in general is covered by the GPL-2.0/GPL-2.0+,
>   this does *not* cover the so-called "standalone" applications that
>   use U-Boot services by means of the jump table provided by U-Boot
>   exactly for this purpose - this is merely considered normal use of
>   U-Boot, and does *not* fall under the heading of "derived work".
> 
>     The header files "include/image.h" and "arch/*/include/asm/u-boot.h"
>   define interfaces to U-Boot.  Including these (unmodified) header
>   files in another file is considered normal use of U-Boot, and does
>   *not* fall under the heading of "derived work".
>   -- Wolfgang Denk
> 
> 
> Some recommended text to apply an explicit exemption for GPL+OpenSSL:
> 
>   https://lists.debian.org/debian-legal/2004/05/msg00595.html
>   https://doc.qt.io/qt-5/qtnetwork-index.html#licenses-and-attributions
> 
> Some example text taken from
> https://sources.debian.net/src/offlineimap/7.1.2%2Bdfsg1-1/COPYING/#L353
> 
>  In addition, as a special exception, the copyright holders give
>  permission to link the code of portions of this program with the OpenSSL
>  library under certain conditions as described in each individual source
>  file, and distribute linked combinations including the two.
>  .
>  You must obey the GNU General Public License in all respects for all of
>  the code used other than OpenSSL. If you modify file(s) with this
>  exception, you may extend this exception to your version of the file(s),
>  but you are not obligated to do so. If you do not wish to do so, delete
>  this exception statement from your version. If you delete this exception
>  statement from all source files in the program, then also delete it
>  here.
> 
> 
> If most explicit clarification could be made on this issue, ideally
> through commits to u-boot git, I would be able to enable more features
> in the u-boot packages in Debian!

So, the most likely thing that could be accomplished (as I don't see how
we could add exemptions without some legal consult) would be to re-write
the small areas in question to use libgnutls rather than openssl for
checking the certificates, etc.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20171204/1fd34872/attachment.sig>

More information about the U-Boot mailing list