18 Mar
2005
18 Mar
'05
7:10 a.m.
Hi Paulo,
IANAL, so take all I say with a grain of salt.
On Thu, Mar 17, 2005 at 08:17:03AM -0800, Paulo Ribeiro wrote:
A collegue of mine came accross an application that
uses openssl/gnupg (that's what the commercial told
him).
OpenSSL is *not* GPL - OSI approved, apache-style, but not GPL.
GnuPG on the other hand *is* GPL.
But on their website, we couldn't find anything
related to the GPL or to openssl/gnupg.
I don't think that's absolutely necessary.
Also, the application isn't available for
download.
Also not necessary. If you distribute GPLed software, only
those people who get the software must have the possibility
of getting the sourcecode going along with that software.
I have a few questions in regard to this.
- Is this in agreement with the GPL?
So far yes, as long as those they distribute their application
to also get access to the source (on demand, it doesn't have
to be provided immediately along with the binaries, they even
may charge a reasonable fee).
- Don't they have to mention they are using
openssl?
AFAIK (I may be wrong) there's no advertising clause in this
license. Of course, if they want to do without a positive
ad... their problem.
- In what extend can they use it and no more need to
tell people about it? For example, if they modify the
source can they redristibute without making their
product availbe for download?
In the case of OpenSSL, not sure, you'd have to check the
license details.
In the case of GnuPG, they clearly have to redistribute the
sources including the modifications, to their customers (who
then can do whatever they want, conforming to the GPL of
course).
If GnuPG is called externally, they should be "clean", if
it's totally integrated into their product, they may have
a problem...
For solid legal advice, contact the FSF.
Greets Eric