You are viewing a plain text version of this content. The canonical link for it is here.

Posted to legal-discuss@apache.org by "Nico Kruber (JIRA)" <ji...@apache.org> on 2018/07/12 14:06:00 UTC

[jira] [Created] (LEGAL-393) Shipping boringssl/OpenSSL binaries along Apache Flink

Nico Kruber created LEGAL-393:
---------------------------------

             Summary: Shipping boringssl/OpenSSL binaries along Apache Flink
                 Key: LEGAL-393
                 URL: https://issues.apache.org/jira/browse/LEGAL-393
             Project: Legal Discuss
          Issue Type: Question
            Reporter: Nico Kruber


As part of providing the ability to use an OpenSSL-based SSL engine in Apache Flink, I need to include the [{{netty-tcnative}}|http://netty.io/wiki/forked-tomcat-native.html#wiki-h2-4] binaries into our {{flink-shaded-netty-4}} artifacts. {{netty-tcnative}} itself is Apache 2 licensed, but since both [OpenSSL|https://www.openssl.org] as well as [boringssl|https://github.com/google/boringssl] (a fork of OpenSSL) are BSD-style licences (https://github.com/google/boringssl/blob/master/LICENSE, https://www.openssl.org/source/license.html) and not Apache 2 (yet?), I was a bit worried about the implications and which way to go.

The following options are available:

a) using a jar file with native code dynamically linked against system OpenSSL libraries (there the jar contains only Apache 2 code)
b) using a jar file with statically linked binaries

Now both have their individual technical consequences but which of these two (if any) qualifies from a legal perspective and what are the implications?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org