Marc-Andre Lemburg <mal@egenix.com> added the comment: Terry J. Reedy wrote:
Terry J. Reedy <tjreedy@udel.edu> added the comment:
This is really two issues: docs and windows builds. As for docs:
Many of the module doc pages mention original authors and give urls for further info. The ssl page already says " This module uses the OpenSSL library." Rather than fuss over whether the doc constitutes 'advertising material' (and a lawyer certain could claim it does), we can easily expand the above to
"This module includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) and cryptographic software written by Eric Young (eay@cryptsoft.com)."
or whatever would be correct. This wording better meets the attribution requirement *and* is more informative to users.
+1
The download page currently does not contain the word 'license', which I think is an omission that should be filled. I think it should include something like the following reasonably near the top:
"The History and License for each version is included with its document set. In layperson's terms, the license more or less says that you can use Python as you wish as long as you 1) do not claim ownership of the name or code, and 2) assume full legal and moral responsibility for the downloading and use of the code, including the cryptographic modules."
Fine with me. The text should also link to actual current license text: http://docs.python.org/license.html BTW: I have a little trouble actually finding the license text on the python.org web-site. It is not mentioned on the download page, there's not mention of it in the downloads nav bar, nor in the documentation section of the site. Only the "about" section includes a mention of the license and the "foundation" section even mentions it in the nav bar (but that's not where people would look to find it). What's worse: all links point to: http://www.python.org/psf/license/ and that page refers to the Python 2.6.2 license... I'll report this to the webmasters.
Builds: have there been multiple overt requests for no-crypto builds? Do any of the other build providers make such? I think this falls under "These re-packagings often include more libraries or are specialized for a particular application:" -- like being so unfortunate as to live in certain countries.
Many other providers of software builds that include crypto software either make it obvious that the builds include crypto software in their licenses (by copying the OpenSSL license into the document) or on the download page (ticking a checkbox, in case there's an export issue). Some also put the crypto code into a separate download (e.g. Java and many Linux distros). The idea with having a separate download without the crypto code was just to hint the user at a possible issue without scaring them away. If we can do the same without requiring a separate installer that would be even better. ---------- _______________________________________ Python tracker <report@bugs.python.org> <http://bugs.python.org/issue9119> _______________________________________