of its donation of an elliptic curve encryption implementation to the OpenSSL project
was generally well
received. After all, the donation of more open source code has got to be a
good thing. As it turns out, however, some people are looking at this gift
and wondering how free it really is.
If you look at the OpenSSL LICENSE file in
the current snapshot, nothing has changed; it's a fairly straightforward
BSD-style license. But the Sun-contributed code contains its own license
text which differs from the OpenSSL license. In particular, it contains
this rather impenetrable language:
In addition, Sun covenants to all licensees who provide a
reciprocal covenant with respect to their own patents if any, not
to sue under current and future patent claims necessarily infringed
by the making, using, practicing, selling, offering for sale and/or
otherwise disposing of the Contribution as delivered hereunder (or
One would that Sun, by virtue of having released the code under a free
license, would have given up the right to sue people for using that code.
This clause, however, seems to put a string on it: Sun explicitly says it
won't sue, but only if you don't sue them either. The limitation seems to
only apply to suits over the elliptical curve code itself, but it's hard to
say for sure; the language is not all that clear.
For those who object to this language, the distinction does not matter. If
you start attaching strings to free code, they say, it is no longer free.
The most vocal of the dissenters is, of course, OpenBSD hacker Theo de
Raadt, who states:
It means that OpenSSL is becoming a non-free software project,
because the code from Sun contains licenses which invoke patent
litigation; the licence on the new code basically builds a contract
that says "if you use this code, you cannot sue Sun". In such a
way, by means of the slippery slope, a free software project
becomes not as free, and eventually, less and less free.
Theo has gone as far as suggesting a fork in the OpenSSL project as a way
of maintaining a version that is, to his eyes, truly free.
Whether or not this particular bit of language bothers people,
there is an issue here: companies often have a hard time resisting the
temptation to attach their own language to free software licenses. The
tendency toward custom licenses for each company and project has subsided
somewhat, but it is not completely gone. It will always be necessary to
scrutinize software licenses carefully, whether they are presented as free
to post comments)