From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D636C4338F for ; Mon, 23 Aug 2021 07:43:56 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D9E0661242 for ; Mon, 23 Aug 2021 07:43:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D9E0661242 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D304F83167; Mon, 23 Aug 2021 09:43:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="P7hzXIsp"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4D9D88318E; Mon, 23 Aug 2021 09:43:52 +0200 (CEST) Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 314AB83137 for ; Mon, 23 Aug 2021 09:43:48 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pbrobinson@gmail.com Received: by mail-ed1-x536.google.com with SMTP id d6so24835713edt.7 for ; Mon, 23 Aug 2021 00:43:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4468yCRlRfL9a/BZZ+srWuCbYw/HEz7IOGwsa8aIX38=; b=P7hzXIsp12Ck+cz2UUKmpu9+C3juR2GEwfguhrbjM0yty0KqB47XfTXSJL09OwNqJ4 4q0x0cTznFkjEiRXDr8kxlqogRVLlFMXESYrpROu5VIZCG019sX/5Ut8sxZoLK4HoVoJ IeeAnsr5mUyd5QR4S+2vzqgszCyZeYExDYNqUMLedWKbsWXDplM/uPFkKYi+jyf/yXn1 ZIfHCumNCYBznF9pqkyMql1zfpFgVWG92k2latfXLZSqAKutDuqK0B6ZUQm3eVg8fUZ8 ck16MD60Bjna+5dT7KtyPcDHZfr5+KN6bglMRhntWtgbwU3ZcAY3BSwQUM0nRb2Nxa0H VbtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4468yCRlRfL9a/BZZ+srWuCbYw/HEz7IOGwsa8aIX38=; b=Bq3dsMKHOL1n641XztF4czyyG52ydUCCX8mV0WHqt1SvtGLcD9/k3mlepvVBKaxw9c 5EB5+nE8dFBkeEKVDQacf44iq8nuV0o6Np5QJV7xk59wq1/rmXvgxm5cIlkhhsWU3yEe 0x04HU7BowR2jFQWYClnx0SICMMOd0DdSHrrE9cbL5QJ9O5UfPiKBvLWFOSmvG2ijTmO /lXiaql5ylk5Iz7exWukqhI1Z43kalPkpWjmXb7+eTBBWQ9GXIBdcbqBsKLd4cqavXTa pNzHWJJg3YH1zSSke2VxpM3vLnsbjSGVNi2N0tS5rm2kKc42D19OP4W2ywxlqlkLrZ85 +QXQ== X-Gm-Message-State: AOAM532LwHjwtWsLuzkx9bJwBi12huD0KM6SU/cbQAdYOT3aaI+AFlkD tTMCfhJdxW2WUXTF7mUvTbSZyW5rNKs8kIoBpXQGxZ9F X-Google-Smtp-Source: ABdhPJwRxcHhZ1nW+fwnu8WpB9WFIPMF4zXZPMLz8bBOUUOIKVjSfrWSFtzmPyvLuysWSnDK+SDaBpbXibqiWhfAr4A= X-Received: by 2002:a05:6402:557:: with SMTP id i23mr35538640edx.373.1629704627899; Mon, 23 Aug 2021 00:43:47 -0700 (PDT) MIME-Version: 1.0 References: <20210621025555.19390-1-samuel@sholland.org> <20210621164300.231e3a11@slackpad.fritz.box> <20210621203537.GN9516@bill-the-cat> <20210622005626.65f27491@slackpad.fritz.box> <20210822141502.GH858@bill-the-cat> <874kbhupnt.fsf@ponder> In-Reply-To: <874kbhupnt.fsf@ponder> From: Peter Robinson Date: Mon, 23 Aug 2021 08:43:36 +0100 Message-ID: Subject: Re: [PATCH 0/4] sunxi: TOC0 image type support To: Vagrant Cascadian Cc: Tom Rini , Samuel Holland , Andre Przywara , Jagan Teki , Hans de Goede , u-boot@lists.denx.de, Simon Glass , =?UTF-8?Q?Jernej_=C5=A0krabec?= Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean > > I'd like to see one of the parties that had noted the licensing problem > > chime in and explain it again. > > The short of it is the openssl license has an advertising clause, and > the GPL requires no additional terms may be added when distributing > binaries. This is *fine* when distributing source code only, but once a > project such as Debian or some commercial entitry distributes binaries > of u-boot, the license incompatibility is triggered... With OpenSSL 3, which is due shortly, the project will be moving to the Apache 2 license. > A more detailed explanation of the issue: > > https://people.gnome.org/~markmc/openssl-and-the-gpl.html > > > That said, Debian has recently and somewhat quietly decided to declare > openssl as a "system library" which in some opinions works around the > issue. I believe Fedora has used this workaround for quite a while > too. I personally think this is a very weak workaround and have only > reluctantly added openssl support in parts of Debian's u-boot packages, > and sometimes wonder if I shouldn't revert those changes... Fedora has always had OpenSSL as a system library but there's been certain things that can't link against it because of incompatible licenses. > > If someone has the ability, time, resources, etc. to (optionally?) > switch u-boot to using a library that doesn't have any potential license > compatibility issues, that would be ideal, so ideal! But of course, it > requires *someone* to do the *work*. I don't believe *I* have the > requisite skills. It might be too soon to requiring something as new as openssl 3 but it may also end up being the quickest way as openssl3 is parallel installable with older versions. > Another route would be to audit all the current codepaths using openssl > and get permission from all involved copyright holders to add a license > exception expressly permitting linking against openssl. In the past, > this was seen as something between impossible or implausible, due to the > sheer number of potential copyright holders which would need to give > permission to effectively relicense their GPL contributions with this > exception. Maybe the actual affected code paths would limit the number > of people involved enough to make it worth it... maybe not. Again, a > fair amount of work that *someone* would need to do just to even audit > the feasibility of this approach. > > > It is somewhat interesting to explore not adding *new* code to u-boot > that uses openssl by using a different library, and then the old code > might be able to be gradually migrated over to a different library? Last > I did a cursory look, nettle, gnutls and gcrypt seemed the most > promising candidates. I believe libressl has the same licensing issues > as openssl. > > > live well, > vagrant