Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 317271 - License conflicts: freeradius vs. openssl
Summary: License conflicts: freeradius vs. openssl
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: freeradius
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: John Dennis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: bzcl34nup
Depends On:
Blocks: FE-Legal
TreeView+ depends on / blocked
 
Reported: 2007-10-03 19:56 UTC by Ralf Ertzinger
Modified: 2013-05-13 12:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-04-17 19:33:14 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Ralf Ertzinger 2007-10-03 19:56:18 UTC 
Description of problem:
freeradius is licensed gplv2+, as far as I was able to figure out, but links
against openssl, which is not allowed without an exception clause.

Did I miss that somewhere?

Version-Release number of selected component (if applicable):
freeradius-1.1.7-3.1.fc8

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Bug Zapper 2008-04-04 13:58:49 UTC 
Based on the date this bug was created, it appears to have been reported
during the development of Fedora 8. In order to refocus our efforts as
a project we are changing the version of this bug to '8'.

If this bug still exists in rawhide, please change the version back to
rawhide.
(If you're unable to change the bug's version, add a comment to the bug
and someone will change it for you.)

Thanks for your help and we apologize for the interruption.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 2 John Dennis 2008-04-17 19:33:14 UTC 
I don't see a license conflict, nor a requirement for an exception (see below),
but INAL (I'm Not A Lawyer). If you have a specific license conflict you can
point me to then please re-open this bug and cite it, otherwise for the time
being I'm going to close this.

From http://www.openssl.org/support/faq.html

2. Can I use OpenSSL with GPL software?

On many systems including the major Linux and BSD distributions, yes (the GPL
does not place restrictions on using libraries that are part of the normal
operating system distribution).

On other systems, the situation is less clear. Some GPL software copyright
holders claim that you infringe on their rights if you use OpenSSL with their
software on operating systems that don't normally include OpenSSL.
Comment 3 mejiko 2013-05-13 02:05:45 UTC 
(In reply to comment #2)
> I don't see a license conflict, nor a requirement for an exception (see
> below)

> From http://www.openssl.org/support/faq.html

I think that openssl license is incompatible GPL. See Reference URI.

and, blocking FE-Legal.


Reference:

https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F

https://www.gnu.org/licenses/license-list.html#OpenSSL

I suggests that Re-open this bug, and:


1. Remove openssl support.

2. Replace GPL compatible library (Example: nss, gnutls)

3. Contact upstream author.

thanks.
Comment 4 mejiko 2013-05-13 02:16:54 UTC 
Additional URI:

http://lists.debian.org/debian-legal/2002/10/msg00113.html

http://people.gnome.org/~markmc/openssl-and-the-gpl.html
Comment 5 John Dennis 2013-05-13 12:27:06 UTC 
re comment #3

freeradius has shipped with the recommended openssl license exception (see /usr/share/doc/freeradius-*/LICENSE.openssl since 2009. This was approved by both Red Hat legal and Tom Callaway who oversee's Fedora's licensing. Given the license exception has been in effect for 4 years now and is approved I see no need to reopen this bug.

We will not port FreeRADIUS to an alternate crypto library because that would cause the configuration and operation of our version to differ from that of the upstream version. Compatibility with upstream is vital for customers and users who rely on deploying FreeRADIUS consistently across multiple distributions.

Also, upstream is well aware of the issue, in fact we and upstream arrived at the solution together 4 years ago, so I doubt upstream is going to be very interested in reopening this either.
Note You need to log in before you can comment on or make changes to this bug.