PostgreSQL, OpenSSL, and the GPL

"The OpenSSL license, which is BSD-style with an advertising clause, has been a source of problems in the past because it is rather unclear whether projects using it can also include GPL-licensed code. Most distributions seem to be comfortable that OpenSSL can be considered a "system library", so that linking to it does not require OpenSSL to have a GPL-compatible license, but the Free Software Foundation (FSF) and, unsurprisingly, Debian are not on board with that interpretation. This licensing issue recently reared its head again in a thread on the pgsql-hackers (PostgreSQL development) mailing list.

"For command-line-oriented programs, the GNU readline library, which allows various types for command-line editing, is a common addition. But readline is licensed under the GPL (rather than the LGPL), which means that programs which use it must have a compatible license and PostgreSQL's BSD-ish permissive license certainly qualifies. But the OpenSSL license puts additional restrictions on its users and is thus not compatible with the GPL. Whether that is a real problem in practice depends on how you interpret the GPL and whether OpenSSL qualifies for the system library exception."

Complete Story

Related Stories:

• Testing Linux Mail Servers with OpenSSL (Feb 15, 2011)
• SSL Certificates For PostgreSQL(Jan 02, 2011)
• Creating Self-Signed SSL Certificates for Apache on Linux(Dec 22, 2010)
• 7 Practical uses of Openssl(Dec 09, 2010)
• Red Hat warns of hole in OpenSSL(Nov 17, 2010)
• The EFF SSL Observatory(Aug 06, 2010)