search

kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0
132 stars 102 forks source link

Licensing queries #120

Closed deastoe closed 4 years ago

deastoe commented 6 years ago

Hello,

Please could you clarify a few queries about the licensing of this project?

If I understand correctly, tacc and pam_tacplus are licensed under GPLv2; while libtac is licensed under LGPLv3? Is that correct?

OpenSSL APIs are used in various areas of the code, are there any concerns with the incompatibility of the GPL and OpenSSL licenses [1] from the contributors/copyright holders? The license files of this project don't appear to contain an explicit exemption to allow linking against OpenSSL.

Without backporting patches, the stable 1.4.1 release does not build unless linked with OpenSSL.

Thanks!

[1] https://people.gnome.org/~markmc/openssl-and-the-gpl

gollub commented 6 years ago

@kravietz , @jeroennijhof , @pprindeville , @deastoe ,

my suggestion would be to add following license exception statement, as documented as sample in the Debian license specification:

https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two.

You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here.

References how this is done in other projects:

https://openvpn.net/index.php/license.html

https://gitlab.gnome.org/GNOME/glib-networking/commit/fab6296984215c92c2b69ab65fbea1676553c60a https://gitlab.gnome.org/GNOME/glib-networking/commit/722eadb80b393a17eb9ea0f2d4825c12d2300c32

Should the existing license file get annotated, or should we create a separate file as done in the glib-networking sample?

Thoughts?

kravietz commented 6 years ago

Makes perfect sense to me.