All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Robinson <pbrobinson@gmail.com>
To: Vagrant Cascadian <vagrant@debian.org>
Cc: "Tom Rini" <trini@konsulko.com>,
	"Samuel Holland" <samuel@sholland.org>,
	"Andre Przywara" <andre.przywara@arm.com>,
	"Jagan Teki" <jagan@amarulasolutions.com>,
	"Hans de Goede" <hdegoede@redhat.com>,
	u-boot@lists.denx.de, "Simon Glass" <sjg@chromium.org>,
	"Jernej Škrabec" <jernej.skrabec@gmail.com>
Subject: Re: [PATCH 0/4] sunxi: TOC0 image type support
Date: Mon, 23 Aug 2021 08:43:36 +0100	[thread overview]
Message-ID: <CALeDE9MvXKrJWU31ukBArCfBEE1Tq1JgpoA1qDoor3KRacueOA@mail.gmail.com> (raw)
In-Reply-To: <874kbhupnt.fsf@ponder>

> > I'd like to see one of the parties that had noted the licensing problem
> > chime in and explain it again.
>
> The short of it is the openssl license has an advertising clause, and
> the GPL requires no additional terms may be added when distributing
> binaries. This is *fine* when distributing source code only, but once a
> project such as Debian or some commercial entitry distributes binaries
> of u-boot, the license incompatibility is triggered...

With OpenSSL 3, which is due shortly, the project will be moving to
the Apache 2 license.

> A more detailed explanation of the issue:
>
>   https://people.gnome.org/~markmc/openssl-and-the-gpl.html
>
>
> That said, Debian has recently and somewhat quietly decided to declare
> openssl as a "system library" which in some opinions works around the
> issue. I believe Fedora has used this workaround for quite a while
> too. I personally think this is a very weak workaround and have only
> reluctantly added openssl support in parts of Debian's u-boot packages,
> and sometimes wonder if I shouldn't revert those changes...

Fedora has always had OpenSSL as a system library but there's been
certain things that can't link against it because of incompatible
licenses.

>
> If someone has the ability, time, resources, etc. to (optionally?)
> switch u-boot to using a library that doesn't have any potential license
> compatibility issues, that would be ideal, so ideal! But of course, it
> requires *someone* to do the *work*. I don't believe *I* have the
> requisite skills.

It might be too soon to requiring something as new as openssl 3 but it
may also end up being the quickest way as openssl3 is parallel
installable with older versions.

> Another route would be to audit all the current codepaths using openssl
> and get permission from all involved copyright holders to add a license
> exception expressly permitting linking against openssl. In the past,
> this was seen as something between impossible or implausible, due to the
> sheer number of potential copyright holders which would need to give
> permission to effectively relicense their GPL contributions with this
> exception. Maybe the actual affected code paths would limit the number
> of people involved enough to make it worth it... maybe not. Again, a
> fair amount of work that *someone* would need to do just to even audit
> the feasibility of this approach.
>
>
> It is somewhat interesting to explore not adding *new* code to u-boot
> that uses openssl by using a different library, and then the old code
> might be able to be gradually migrated over to a different library? Last
> I did a cursory look, nettle, gnutls and gcrypt seemed the most
> promising candidates. I believe libressl has the same licensing issues
> as openssl.
>
>
> live well,
>   vagrant

      reply	other threads:[~2021-08-23  7:43 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-21  2:55 [PATCH 0/4] sunxi: TOC0 image type support Samuel Holland
2021-06-21  2:55 ` [PATCH 1/4] tools: Refactor mkimage linking with OpenSSL Samuel Holland
2021-06-26 18:31   ` Simon Glass
2021-06-21  2:55 ` [PATCH 2/4] tools: mkimage: Add Allwinner TOC0 support Samuel Holland
2021-06-22  1:07   ` Andre Przywara
2021-06-21  2:55 ` [PATCH 3/4] sunxi: Support both SPL image types Samuel Holland
2021-06-21  2:55 ` [PATCH 4/4] sunxi: Support building a SPL as a TOC0 image Samuel Holland
2021-06-21 15:43 ` [PATCH 0/4] sunxi: TOC0 image type support Andre Przywara
2021-06-21 20:35   ` Tom Rini
2021-06-21 23:56     ` Andre Przywara
2021-08-22  2:19       ` Samuel Holland
2021-08-22 14:15         ` Tom Rini
2021-08-22 21:37           ` Vagrant Cascadian
2021-08-23  7:43             ` Peter Robinson [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALeDE9MvXKrJWU31ukBArCfBEE1Tq1JgpoA1qDoor3KRacueOA@mail.gmail.com \
    --to=pbrobinson@gmail.com \
    --cc=andre.przywara@arm.com \
    --cc=hdegoede@redhat.com \
    --cc=jagan@amarulasolutions.com \
    --cc=jernej.skrabec@gmail.com \
    --cc=samuel@sholland.org \
    --cc=sjg@chromium.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    --cc=vagrant@debian.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.