diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/LICENSE-MIXING | 130 | ||||
-rw-r--r-- | docs/LICENSE-MIXING.md | 124 | ||||
-rw-r--r-- | docs/Makefile.am | 2 |
3 files changed, 125 insertions, 131 deletions
diff --git a/docs/LICENSE-MIXING b/docs/LICENSE-MIXING deleted file mode 100644 index d8e36ca46..000000000 --- a/docs/LICENSE-MIXING +++ /dev/null @@ -1,130 +0,0 @@ - License Mixing with apps, libcurl and Third Party Libraries - =========================================================== - -libcurl can be built to use a fair amount of various third party libraries, -libraries that are written and provided by other parties that are distributed -using their own licenses. Even libcurl itself contains code that may cause -problems to some. This document attempts to describe what licenses libcurl and -the other libraries use and what possible dilemmas linking and mixing them all -can lead to for end users. - -I am not a lawyer and this is not legal advice! - -One common dilemma is that GPL[1]-licensed code is not allowed to be linked -with code licensed under the Original BSD license (with the announcement -clause). You may still build your own copies that use them all, but -distributing them as binaries would be to violate the GPL license - unless you -accompany your license with an exception[2]. This particular problem was -addressed when the Modified BSD license was created, which does not have the -announcement clause that collides with GPL. - -libcurl https://curl.haxx.se/docs/copyright.html - - Uses an MIT (or Modified BSD)-style license that is as liberal as - possible. - -OpenSSL https://www.openssl.org/source/license.html - - (May be used for SSL/TLS support) Uses an Original BSD-style license - with an announcement clause that makes it "incompatible" with GPL. You - are not allowed to ship binaries that link with OpenSSL that includes - GPL code (unless that specific GPL code includes an exception for - OpenSSL - a habit that is growing more and more common). If OpenSSL's - licensing is a problem for you, consider using another TLS library. - -GnuTLS http://www.gnutls.org/ - - (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is - a problem for you, consider using another TLS library. Also note that - GnuTLS itself depends on and uses other libs (libgcrypt and - libgpg-error) and they too are LGPL- or GPL-licensed. - -WolfSSL https://www.wolfssl.com/ - - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. - -NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS - - (May be used for SSL/TLS support) Is covered by the MPL[4] license, - the GPL[1] license and the LGPL[3] license. You may choose to license - the code under MPL terms, GPL terms, or LGPL terms. These licenses - grant you different permissions and impose different obligations. You - should select the license that best meets your needs. - -axTLS http://axtls.sourceforge.net/ - - (May be used for SSL/TLS support) Uses a Modified BSD-style license. - -mbedTLS https://tls.mbed.org/ - - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. - -BoringSSL https://boringssl.googlesource.com/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -libressl http://www.libressl.org/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -c-ares https://daniel.haxx.se/projects/c-ares/license.html - - (Used for asynchronous name resolves) Uses an MIT license that is very - liberal and imposes no restrictions on any other library or part you - may link with. - -zlib http://www.zlib.net/zlib_license.html - - (Used for compressed Transfer-Encoding support) Uses an MIT-style - license that shouldn't collide with any other library. - -MIT Kerberos http://web.mit.edu/kerberos/www/dist/ - - (May be used for GSS support) MIT licensed, that shouldn't collide - with any other parts. - -Heimdal http://www.h5l.org - - (May be used for GSS support) Heimdal is Original BSD licensed with - the announcement clause. - -GNU GSS https://www.gnu.org/software/gss/ - - (May be used for GSS support) GNU GSS is GPL licensed. Note that you - may not distribute binary curl packages that uses this if you build - curl to also link and use any Original BSD licensed libraries! - -libidn http://josefsson.org/libidn/ - - (Used for IDNA support) Uses the GNU Lesser General Public - License [3]. LGPL is a variation of GPL with slightly less aggressive - "copyleft". This license requires more requirements to be met when - distributing binaries, see the license for details. Also note that if - you distribute a binary that includes this library, you must also - include the full LGPL license text. Please properly point out what - parts of the distributed package that the license addresses. - -OpenLDAP http://www.openldap.org/software/release/license.html - - (Used for LDAP support) Uses a Modified BSD-style license. Since - libcurl uses OpenLDAP as a shared library only, I have not heard of - anyone that ships OpenLDAP linked with libcurl in an app. - -libssh2 https://www.libssh2.org/ - - (Used for scp and sftp support) libssh2 uses a Modified BSD-style - license. - -[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html -[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on - how to write such an exception to the GPL -[3] = LGPL - GNU Lesser General Public License: - https://www.gnu.org/licenses/lgpl.html -[4] = MPL - Mozilla Public License: - https://www.mozilla.org/MPL/ diff --git a/docs/LICENSE-MIXING.md b/docs/LICENSE-MIXING.md new file mode 100644 index 000000000..0bff73e6d --- /dev/null +++ b/docs/LICENSE-MIXING.md @@ -0,0 +1,124 @@ +License Mixing +============== + +libcurl can be built to use a fair amount of various third party libraries, +libraries that are written and provided by other parties that are distributed +using their own licenses. Even libcurl itself contains code that may cause +problems to some. This document attempts to describe what licenses libcurl and +the other libraries use and what possible dilemmas linking and mixing them all +can lead to for end users. + +I am not a lawyer and this is not legal advice! + +One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) +licensed code is not allowed to be linked with code licensed under the +[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the +announcement clause). You may still build your own copies that use them all, +but distributing them as binaries would be to violate the GPL license - unless +you accompany your license with an +[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This +particular problem was addressed when the [Modified BSD +license](https://opensource.org/licenses/BSD-3-Clause) was created, which does +not have the announcement clause that collides with GPL. + +## libcurl + + Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is + very liberal. + +## OpenSSL + + (May be used for SSL/TLS support) Uses an Original BSD-style license with an + announcement clause that makes it "incompatible" with GPL. You are not + allowed to ship binaries that link with OpenSSL that includes GPL code + (unless that specific GPL code includes an exception for OpenSSL - a habit + that is growing more and more common). If OpenSSL's licensing is a problem + for you, consider using another TLS library. + +## GnuTLS + + (May be used for SSL/TLS support) Uses the + [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem + for you, consider using another TLS library. Also note that GnuTLS itself + depends on and uses other libs (libgcrypt and libgpg-error) and they too are + LGPL- or GPL-licensed. + +## WolfSSL + + (May be used for SSL/TLS support) Uses the GPL license or a propietary + license. If this is a problem for you, consider using another TLS library. + +## NSS + + (May be used for SSL/TLS support) Is covered by the + [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL + license. You may choose to license the code under MPL terms, GPL terms, or + LGPL terms. These licenses grant you different permissions and impose + different obligations. You should select the license that best meets your + needs. + +## axTLS + + (May be used for SSL/TLS support) Uses a Modified BSD-style license. + +## mbedTLS + + (May be used for SSL/TLS support) Uses the GPL license or a propietary + license. If this is a problem for you, consider using another TLS library. + +## BoringSSL + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## libressl + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## c-ares + + (Used for asynchronous name resolves) Uses an MIT license that is very + liberal and imposes no restrictions on any other library or part you may link + with. + +## zlib + + (Used for compressed Transfer-Encoding support) Uses an MIT-style license + that shouldn't collide with any other library. + +## MIT Kerberos + + (May be used for GSS support) MIT licensed, that shouldn't collide with any + other parts. + +## Heimdal + + (May be used for GSS support) Heimdal is Original BSD licensed with the + announcement clause. + +## GNU GSS + + (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not + distribute binary curl packages that uses this if you build curl to also link + and use any Original BSD licensed libraries! + +## libidn + + (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL + is a variation of GPL with slightly less aggressive "copyleft". This license + requires more requirements to be met when distributing binaries, see the + license for details. Also note that if you distribute a binary that includes + this library, you must also include the full LGPL license text. Please + properly point out what parts of the distributed package that the license + addresses. + +## OpenLDAP + + (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses + OpenLDAP as a shared library only, I have not heard of anyone that ships + OpenLDAP linked with libcurl in an app. + +## libssh2 + + (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. diff --git a/docs/Makefile.am b/docs/Makefile.am index 445d3fa2e..149e0af42 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -36,7 +36,7 @@ CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) EXTRA_DIST = MANUAL BUGS CONTRIBUTE.md FAQ FEATURES INTERNALS.md SSLCERTS.md \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY.md INSTALL \ - $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp \ + $(PDFPAGES) LICENSE-MIXING.md README.netware INSTALL.devcpp \ MAIL-ETIQUETTE HTTP-COOKIES.md SECURITY.md RELEASE-PROCEDURE SSL-PROBLEMS.md \ HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md CHECKSRC.md |