Axel needs a new license to implement SSL

[eribertomota]

Considering the HTTPS and FTPS implementation[1] done by @sdt , Axel needs a special permission to linking with OpenSSL.

[1] https://github.com/eribertomota/axel/compare/master...sdt:https

So, I will use this issue to try formalise it.

[eribertomota]

On April 30, 2016, I sent the following email message to Wilmer van der Gaast (original Axel author), Giridhar Appaji Nag (@appaji) and Philipp Hagemeister (@phihag), with a CC to Stephen Thirlwall (@sdt):

Date: Sat, 30 Apr 2016 23:58:46 -0300 From: Eriberto Mota eriberto@debian.org To: [...] Cc: [...] Subject: Axel, we need link to OpenSSL Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA256"; boundary="Signature=_Sat__30_Apr_2016_23_5846-0300_5edpE1rms1+zgwwI"

--Signature=_Sat__30_Apr_2016_23_5846-0300_5edpE1rms1+zgwwI Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

Hi Wilmer, Giridhar and Philipp,

Currently, I and Stephen are maintaining Axel, as upstream, in GitHub[1]. I am also the current Axel maintainer in Debian.

[1] https://github.com/eribertomota/axel [2] https://packages.qa.debian.org/a/axel.html

Recently, Stephen proposed some changes to implement HTTPS and FTPS in Axel[3].

These changes need to link the source code with OpenSSL library. To finish this work, we need change the Axel licensing from 'GPL-2+' to 'GPL-2+ with OpenSSL exception'. If needed, there is a little explanation about this proccess here[4].

[3] https://github.com/eribertomota/axel/compare/master...sdt:https [4] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#lice= nse-syntax

Considering that you (Wilmer, Giridhar and Philip) have copyright over the source code, we need your consent to change the licensing to 'GPL-2+ with OpenSSL exception'.

Thanks a lot in advance.

Regards,

Eriberto

--Signature=_Sat__30_Apr_2016_23_5846-0300_5edpE1rms1+zgwwI Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQIcBAEBCAAGBQJXJXDsAAoJEN5juccE6+nvh2IP/0CCJ+kW9Ig8ts7YxZelZlky hhP+dI8GoWUWuDcw4+fn25PS8AKDu08iS2c5QUnpwpAbWJo/d5Fd//Hgn/4URVrZ A5QL1DTIBwFxh9zoOBNCn2qD6LFvcju5ZW1LbeJq22BY0hFWkARcsGVhkRRZUTOl Z2Og3G4eKg8itaV3T0MBeD+Cfkxypk6dXM/dU4iSqmyxj0Ruq/SEvKCBT9uqAxJ4 Z0rAO4PWVMHFReUDBqQ+p6+k54quM+ivE36ayhHr+7EQqQq6t2qDEWBXzYiluYia XiZJueT6j1uaXvwLFh8WlSSsMSbmT+PCl1McBhJJ75ZyDohGS0czlDeastSEYryE KheuUhGg3dq0ob4Da31D2C2IPSryNTxwbJFmIXKqDBKC6+cLvX+CXXKmzROPxql5 jt3351Vum+Gz0MKpJT2sWZ7NOM0EiBJKPVy1dIHhGrLvBjY2OWURrhkGEh47QulW yRN4d898+c31sCCdQ7lLfwnkAxt+zRdQE8tRAiwKhv5IxysVuJLxtW3XY+Y8tvpZ xfo0Ui0loAlp88NyVQJEZW7p3hnEjLXSuPPcKmpqjCqNbcUldRaVp9Zp6vX973kK 5xGndldx1Nr5ORNn18X0e2dScfA7UOP8PDS9wV1X2YZOA+pWG5v1ynFa4gahCaOT rImiykhT5Y8fCyiSWHwu =Km24 -----END PGP SIGNATURE-----

--Signature=_Sat__30_Apr_2016_23_5846-0300_5edpE1rms1+zgwwI--

[eribertomota]

On May 1, 2016, Philipp Hagemeister (@phihag) replied as shown below. Thanks Philipp!

Subject: Re: Axel, we need link to OpenSSL To: eriberto@debian.org From: Philipp Hagemeister Date: Sun, 1 May 2016 08:28:01 +0200

I hereby put all my contributions to Axel under

• GPL-2+
• MIT
• GPL-2+ with OpenSSL exception

at your choice.

- Philipp Hagemeister

[eribertomota]

On May 1, 2016, Wilmer van der Gaast replied as shown below. Thanks Wilmer!

From: Wilmer van der Gaast wilmer@gaast.net To: eriberto@debian.org Subject: Re: Axel, we need link to OpenSSL Date: Sun, 1 May 2016 20:43:51 +0900

Oh wow, Axel is still alive? :-D

On 01-05-16 11:58, Eriberto Mota wrote:

=20 These changes need to link the source code with OpenSSL library. To fin= ish this work, we need change the Axel licensing from 'GPL-2+' to 'GPL-2+ w= ith OpenSSL exception'. If needed, there is a little explanation about this=

proccess here[4]. [...]

Yes, I am familiar with this process. :-(

I have no objections. No clue how much of the code is still mine at this point as I haven't touched it in ten years but did write the initial version at the time. (Up to version 1.0a I think.)

There were some minor contributions from others, though without version control history it's not very easy to find out about that. Though I think I remember the few people who may at all have some code in it and I could ask them if you need to know this for every (minor) contributor.

Considering that you (Wilmer, Giridhar and Philip) have copyright over = the source code, we need your consent to change the licensing to 'GPL-2+ wi= th OpenSSL exception'. =20 You have mine, let me know if you need it from some other early-hours contributors.

Cheers,

Wilmer van der Gaast.

[eribertomota]

Now, I will wait a reply from Giridhar Appaji Nag (@appaji) to change the license. :-)

[appaji]

I am happy to re-license code under the following

Apache v2.0, GPL v2 or later, and GPL v2 or later with OpenSSL exception.

One of the philosophies of axel was to keep the dependencies on external libraries to be zero so that it can be bundled into smaller systems. While you enable HTTPS functionality, I would like you to keep that compile-time configurable.

Giridhar

Giridhar Yasa | Flipkart Engineering | http://www.flipkart.com/

On Tue, May 3, 2016 at 6:05 AM, Joao Eriberto Mota Filho < notifications@github.com> wrote:

Now, I will wait a reply from Giridhar Appaji Nag (@appaji https://github.com/appaji) to change the license. :-)

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/eribertomota/axel/issues/15#issuecomment-216404630

[sdt]

:+1:

Thanks Giridhar. That's a good point - I'll make sure there's a --without-openssl config option.

[eribertomota]

Thanks a lot Giridhar!

Regards,

Eriberto

2016-05-03 1:57 GMT-03:00 Giridhar Yasa notifications@github.com:

I am happy to re-license code under the following

Apache v2.0, GPL v2 or later, and GPL v2 or later with OpenSSL exception.

One of the philosophies of axel was to keep the dependencies on external libraries to be zero so that it can be bundled into smaller systems. While you enable HTTPS functionality, I would like you to keep that compile-time configurable.

Giridhar

Giridhar Yasa | Flipkart Engineering | http://www.flipkart.com/

On Tue, May 3, 2016 at 6:05 AM, Joao Eriberto Mota Filho < notifications@github.com> wrote:

Now, I will wait a reply from Giridhar Appaji Nag (@appaji https://github.com/appaji) to change the license. :-)

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/eribertomota/axel/issues/15#issuecomment-216404630

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/eribertomota/axel/issues/15#issuecomment-216435255

[eribertomota]

@sdt Now, we can change to 'GPL-2+ with OpenSSL exception'.

After your changes, I will swap the licensing. But, don't worry; don't need to hurry to implement the new features.

@phihag and @appaji , you are welcome to help to revive Axel, if you wish. There are several bugs opened now in Debian, Ubuntu, Fedora, Arch Linux, Gentoo, etc[1]. And thanks for all previous work.

[1] https://github.com/eribertomota/axel/blob/master/CONTRIBUTING.md

Cheers,

Eriberto

[denji]

SSL deprecated, maybe TLS (RFC7568)?

The Secure Sockets Layer version 3.0 (SSLv3), as specified in RFC
6101, is not sufficiently secure.  This document requires that SSLv3
not be used.  The replacement versions, in particular, Transport
Layer Security (TLS) 1.2 (RFC 5246), are considerably more secure and
capable protocols.

This document updates the backward compatibility section of RFC 5246
and its predecessors to prohibit fallback to SSLv3.

[eribertomota]

Hi,

It must be talked with @sdt. However, I think that openssl will be used in the same way. For HTTP and FTP, as far as I know, the crypto has an uniq implemntation form.

Regards,

Eriberto

2016-05-28 22:55 GMT-03:00 Denis Denisov notifications@github.com:

SSL deprecated, maybe TLS?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/eribertomota/axel/issues/15#issuecomment-222338276, or mute the thread https://github.com/notifications/unsubscribe/AGIyrqBEwkGxa3XC64HfzSkV7QEHruO6ks5qGPINgaJpZM4ITiL3 .

[eribertomota]

Done! 9bffe66