A close look at the openssl package bundled with Fedora Core 2 from
Red Hat reveals that the patents in question appear to cover MDC-2,
IDEA, RC5, and EC. All of these are disabled (i.e.: not even built) in
the Fedora Core 2 version of openssl. There is a even a short comment
section at the top of the 'hobble-openssl' script with some patent
numbers and expiration dates.
So the patent question is answered to my satisfaction regarding SSL in
at least Fedora Core 2. I don't know what other FOSS operating systems
do, but if they do what some are doing with MP3 then they are risking
litigation by the patent holders. That is their choice. Why anyone
would hold that choice up as an example of what people think is okay is
a stretch. Nor do I think it is advisable for this working group to
force FOSS developers into the position of making this choice. Those
that make that choice with respect to MP3 and SSL may be just taking a
calculated risk. No one knows until someone asks.
There is also the question of GPL compatibility and SSL. I see no
reason why SSL as a standard would not be, provided that the patented
algorithms are not implemented. It is apparent from the Fedora Core 2
package that they are not needed, anyhow.
But when it comes to the licensing of OpenSSL and the linking of GPLed
applications with it, the FAQ included with OpenSSL states what I
expected it would:
...
[LEGAL] Legal questions
...
* Can I use OpenSSL with GPL software?
...
* Can I use OpenSSL with GPL software?
On many systems including the major Linux and BSD distributions, yes (the
GPL does not place restrictions on using libraries that are part of the
normal operating system distribution).
On other systems, the situation is less clear. Some GPL software copyright
holders claim that you infringe on their rights if you use OpenSSL with
their software on operating systems that don't normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using
GPL software developed by others, you may want to ask the copyright holder
for permission to use their software with OpenSSL.
...
Hence the motivation for GNUTLS.
Between the patented algorithms being disabled in OpenSSL (at least on
Fedora Core 2) and the development of GNUTLS, I'd say the FOSS community
is pretty proactive in solving problems like this when they are known.
Which is why many are opposed to this Sender-ID patent license. We
don't want another one that we need to work around, particular one that
may not be possible to work around.
--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets