Looking the OpenSSL gift horse in the mouth

Sun's announcement of its donation of an elliptic curve encryption implementation to the OpenSSL project was generally well received. After all, the donation of more open source code has got to be a good thing. As it turns out, however, some people are looking at this gift and wondering how free it really is.

If you look at the OpenSSL LICENSE file in the current snapshot, nothing has changed; it's a fairly straightforward BSD-style license. But the Sun-contributed code contains its own license text which differs from the OpenSSL license. In particular, it contains this rather impenetrable language:

In addition, Sun covenants to all licensees who provide a reciprocal covenant with respect to their own patents if any, not to sue under current and future patent claims necessarily infringed by the making, using, practicing, selling, offering for sale and/or otherwise disposing of the Contribution as delivered hereunder (or portions thereof)...

One would think that Sun, by virtue of having released the code under a free license, would have given up the right to sue people for using that code. This clause, however, seems to put a string on it: Sun explicitly says it won't sue, but only if you don't sue them either. The limitation seems to apply only to suits over the elliptic curve code itself, but it's hard to say for sure; the language is not all that clear.

For those who object to this language, the distinction does not matter. If you start attaching strings to free code, they say, it is no longer free. The most vocal of the dissenters is, of course, OpenBSD hacker Theo de Raadt, who states:

It means that OpenSSL is becoming a non-free software project, because the code from Sun contains licenses which invoke patent litigation; the licence on the new code basically builds a contract that says "if you use this code, you cannot sue Sun". In such a way, by means of the slippery slope, a free software project becomes not as free, and eventually, less and less free.

Theo has gone as far as suggesting a fork in the OpenSSL project as a way of maintaining a version that is, to his eyes, truly free.

Whether or not this particular bit of language bothers people, there is an issue here: companies often have a hard time resisting the temptation to attach their own language to free software licenses. The tendency toward custom licenses for each company and project has subsided somewhat, but it is not completely gone. It will always be necessary to scrutinize software licenses carefully, whether they are presented as free or not.



Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 8:14 UTC (Thu) by beejaybee (guest, #1581) [Link]

From the PRACTICAL point of view, I applaud Sun. Any agreement that keeps lawyers out of everyone's hair is most definitely A Good Thing.

From the semantic point of view, I'm unsure that the clause was actually necessary. I think in most countries it is accepted that if goods or services are supplied free of charge then the recipient has no right to sue for failures of material or performance. Hopefully Sun included the clause to make this absolutely clear in those countries where this principle does not necessarily apply.

It would definitely be a better world if similar clauses were not thought necessary by anyone. When legal action is taken, often both sides lose; only the lawyers profit. As for the "restriction" on "free" software; yes, I can see the point, but only from the legal side.

Is GPL "free"? It has been argued (usually by megacorporations) that the GPL is restrictive in the way that it demands that source code of derivative works be published in the same way. Most of us consider this to be A Good Thing; why cannot we accept Sun's "restriction" in the same spirit?

Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 14:21 UTC (Thu) by busterb (subscriber, #560) [Link]

Then again, grocery store bakeries do not give away their day-old donuts for free, and will even fire employees who do. Why? Because if someone got sick from eating one, the store would be liable. Personal experience.

It sounds crazy, giving away something free and then being held liable for anything bad that comes from it, but that is the state of things today.

Looking the OpenSSL gift horse in the mouth

Posted Sep 27, 2002 1:18 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

>Any agreement that keeps lawyers out of everyone's hair is most
>definitely A Good Thing.

If someone's hair is harming other people, it's exactly where lawyers belong.

>I think in most countries it is accepted that if goods or services
>are supplied free of charge then the recipient has no right to sue
>for failures of material or performance.

Not the U.S. Here, you're liable for any damage your negligence causes another human being regardless of whether free goods were involved. That's why the BSD license exists. The BSD license says, "in exchange for this valuable software, you agree to assume the risk of damage that my negligence in writing it causes you." I.e. such software is not gratis.

You may be thinking about warranty. It is true that if you give something away, it doesn't come with any warranty. So unless there's negligence involved, there would be no basis on which the donee could sue you if it doesn't work.

Patents, which are the subject of this clause, are completely unrelated, though. There's probably no country where giving some property to someone for free means he has to let you use his patents.

Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 10:12 UTC (Thu) by gregwilkins (subscriber, #515) [Link]

I actually think it is a good extension to a free software license. Imagine if in order to have to use any free software you had to swear off software patent litigation!

In fact, Theo's angle is a bit strange. He wants the freedom to retain the right to sue others to restrict their freedom?!?!?!

Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 10:49 UTC (Thu) by nix (subscriber, #2304) [Link]

It may be worse than that; as Wichert Akkerman points out in <http://lists.debian.org/debian-legal/2002/debian-legal-200209/msg00183.html>, the Sun-contributed code may not be modifiable at all without risking being sued by Sun for patent infringement; and Markus Friedl pointed out in the thread to which you linked that large chunks of the OpenSSL engine are infected by this change, including critical stuff like bn.h, rendering them nonmodifiable as well.

So this change may make much of the OpenSSL core thoroughly non-free.

Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 13:44 UTC (Thu) by ccady (guest, #3898) [Link]

I will rewrite this in English for myself here:

"In addition, Sun promises never to sue you for infringing their patents *on this code* if you promise never to sue them for infringing *your patents*."

"Reciprocal agreement" is not defined. This is *not* an attempt to keep lawyers out of the picture. In fact, it requires more lawyers in order for you to craft your own reciprocal agreement.

Sun is allowing you the code in terms of copyright protection, but is *not* giving you the right to use it in terms of patent protection, unless you give them the right to use your patents.

Looking the OpenSSL gift horse in the mouth

Posted Sep 26, 2002 14:45 UTC (Thu) by mdarmistead (guest, #4472) [Link]

Have we become so desperate that we will willingly accept "donations" (with strings) just because they were donated? No organization is *required* to accept any donation. It's perfectly acceptable to refuse a donation if you can't live with restrictions or requirements laid out by the donor. Does OpenSSL REALLY need this donation? Can't we come up with something equivalent that doesn't have lawyers attached to it? We, as a community of independent developers, have consistently managed to create innovative solutions without relying on code that is constrained or compromised by legal restrictions. My skills do not lie in encryption algorithms, but I'm sure that there are developers out there that eat this stuff for breakfast. I applaud Sun that they are interested in helping Linux and open source projects forge ahead. I am, however, a little wary of the motives behind their rapid move to Linux.

I don't see this making it non-free

Posted Sep 26, 2002 18:15 UTC (Thu) by gleef (guest, #1004) [Link]

Assuming that the Sun license without this clause is a Free license (I haven't read the license in full), I don't see how the quoted clause would make anything non-Free.

This clause starts "In addition, Sun covenants to all licensees who...". Unless my legalese translator is shot, this becomes, when translated to plain English, "Also, you can take the license as it stands, but if you also agree to an additional thing, we will agree to an additional thing". Phrased another way: in addition to the Free software license, Sun offers a reciprocal patent agreement to whoever wants one.

So, Sun offers a free license, or, if you so choose, you can have the same license plus a contract promising that you will neither sue nor be sued by Sun regarding certain patents. This is no different than Cygwin or Ghostscript shipping with the Free GPL, or if you so choose, you can have a non-Free license also. In fact, in many ways, it's better than the Cygwin or Ghostscript situations: Under both licenses you can always share, you can sell it, you can modify it, you can share modifications. You never sign away your right to use the software as part of the license, and if you want, you have an assurance that Sun won't use patent law to prevent you from using the software in spite of the license. Individuals can choose on their own whether or not they want such assurance, and distribute under the Free license regardless of their choice.

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.