Message 115078 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	lemburg
Recipients	debatem1, docs@python, eric.araujo, lemburg, loewis
Date	2010-08-27.14:13:59
SpamBayes Score	0.0
Marked as misclassified	No
Message-id	<4C77C825.1030204@egenix.com>
In-reply-to	<4C77AD62.9010303@v.loewis.de>

Content
Martin v. Löwis wrote: > > Martin v. Löwis <martin@v.loewis.de> added the comment: > >>> Which specific clause of the license do you consider violated? >> >> * 3. All advertising materials mentioning features or use of this >> * software must display the following acknowledgment: >> * "This product includes software developed by the OpenSSL Project >> * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" > > I fail to see the violation, or how changing the download page could > fix that. The download page is not "advertising material mentioning > features or use of this software". In fact, the download page doesn't > refer to SSL at all. Hence there is no obligation to mention OpenSSL > on the download page. > >> * 3. All advertising materials mentioning features or use of this software >> * must display the following acknowledgement: >> * "This product includes cryptographic software written by >> * Eric Young (eay@cryptsoft.com)" > > Likewise. The license only permits you to use and distribute OpenSSL under the conditions mentioned in the license. Since we are not following those old-style BSD license requirements (which are unfortunate), we are not allowed to use the software: The python.org site is full of references to OpenSSL. Most prominently in the documentation of the ssl and hashlib modules, but also in the release notes/news and other files. By contrast, the name "Eric Young" does not appear anywhere on the site (according to a Google search). We can remedy this easily, but putting the notices on the download pages. Perhaps just putting them into the documentation is already good enough. >> * 4. If you include any Windows specific code (or a derivative thereof) from >> * the apps directory (application code) you must include an acknowledgement: >> * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" > > This doesn't apply: we don't include any code (Windows specific or not) > from the apps directory. Ok, so we don't have to add this part. >> I'd suggest to add a paragraph like this to the release pages: > > -1, unless the PSF lawyer advises that such a paragraph is indeed > necessary. It may shy away users from using Python, which is clearly > undesirable. So you'd rather have some users get in trouble for downloading and using crypto software, due import laws or domestic laws restricting its use in their country ? Deliberately hiding this information from the user, doesn't sound like a good approach to the problem. However, I agree that this is a question to ask the PSF board. There's probably a better wording for such a text, but some kind of note of caution needs to go on the website.

Martin v. Löwis wrote:
> 
> Martin v. Löwis <martin@v.loewis.de> added the comment:
> 
>>> Which specific clause of the license do you consider violated?
>>
>>  * 3. All advertising materials mentioning features or use of this
>>  *    software must display the following acknowledgment:
>>  *    "This product includes software developed by the OpenSSL Project
>>  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
> 
> I fail to see the violation, or how changing the download page could
> fix that. The download page is *not* "advertising material mentioning
> features or use of this software". In fact, the download page doesn't
> refer to SSL at all. Hence there is no obligation to mention OpenSSL
> on the download page.
> 
>>  * 3. All advertising materials mentioning features or use of this software
>>  *    must display the following acknowledgement:
>>  *    "This product includes cryptographic software written by
>>  *     Eric Young (eay@cryptsoft.com)"
> 
> Likewise.

The license only permits you to use and distribute OpenSSL under
the conditions mentioned in the license.

Since we are not following those old-style BSD license requirements
(which are unfortunate), we are not allowed to use the software:

The python.org site is full of references to OpenSSL. Most
prominently in the documentation of the ssl and hashlib modules,
but also in the release notes/news and other files.
By contrast, the name "Eric Young" does not appear anywhere
on the site (according to a Google search).

We can remedy this easily, but putting the notices on the download
pages. Perhaps just putting them into the documentation is already
good enough.

>>  * 4. If you include any Windows specific code (or a derivative thereof) from
>>  *    the apps directory (application code) you must include an acknowledgement:
>>  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
> 
> This doesn't apply: we don't include any code (Windows specific or not)
> from the apps directory.

Ok, so we don't have to add this part.

>> I'd suggest to add a paragraph like this to the release pages:
>
> -1, unless the PSF lawyer advises that such a paragraph is indeed
> necessary. It may shy away users from using Python, which is clearly
> undesirable.

So you'd rather have some users get in trouble for downloading
and using crypto software, due import laws or domestic laws
restricting its use in their country ?

Deliberately hiding this information from the user, doesn't
sound like a good approach to the problem. However, I agree
that this is a question to ask the PSF board.

There's probably a better wording for such a text, but some kind of
note of caution needs to go on the website.

History
Date	User	Action	Args
2010-08-27 14:14:01	lemburg	set	recipients: + lemburg, loewis, eric.araujo, debatem1, docs@python
2010-08-27 14:13:59	lemburg	link	issue9119 messages
2010-08-27 14:13:59	lemburg	create