Marc-Andre Lemburg <mal@egenix.com> added the comment: Martin v. Löwis wrote:
Martin v. Löwis <martin@v.loewis.de> added the comment:
Which specific clause of the license do you consider violated?
* 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
I fail to see the violation, or how changing the download page could fix that. The download page is *not* "advertising material mentioning features or use of this software". In fact, the download page doesn't refer to SSL at all. Hence there is no obligation to mention OpenSSL on the download page.
* 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)"
Likewise.
The license only permits you to use and distribute OpenSSL under the conditions mentioned in the license. Since we are not following those old-style BSD license requirements (which are unfortunate), we are not allowed to use the software: The python.org site is full of references to OpenSSL. Most prominently in the documentation of the ssl and hashlib modules, but also in the release notes/news and other files. By contrast, the name "Eric Young" does not appear anywhere on the site (according to a Google search). We can remedy this easily, but putting the notices on the download pages. Perhaps just putting them into the documentation is already good enough.
* 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
This doesn't apply: we don't include any code (Windows specific or not) from the apps directory.
Ok, so we don't have to add this part.
I'd suggest to add a paragraph like this to the release pages:
-1, unless the PSF lawyer advises that such a paragraph is indeed necessary. It may shy away users from using Python, which is clearly undesirable.
So you'd rather have some users get in trouble for downloading and using crypto software, due import laws or domestic laws restricting its use in their country ? Deliberately hiding this information from the user, doesn't sound like a good approach to the problem. However, I agree that this is a question to ask the PSF board. There's probably a better wording for such a text, but some kind of note of caution needs to go on the website. ---------- title: Python download page needs to mention crypto code in Windows installer -> Python download page needs to mention crypto code in Windows installer _______________________________________ Python tracker <report@bugs.python.org> <http://bugs.python.org/issue9119> _______________________________________