add license exception for OpenSSL

[anarcat]

Coming from #12 - now that gnutls was ripped out of Charybdis, we need a license exception to legally link against OpenSSL.

A statement such as this would be sufficient:

Charybdis is licensed under the GNU General Public License version 2 with the
addition of the following special exception:

In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the OpenSSL
library.
You must obey the GNU General Public License in all respects for all of
the code used other than OpenSSL. If you modify file(s) with this
exception, you may extend this exception to your version of the file(s),
but you are not obligated to do so. If you do not wish to do so, delete
this exception statement from your version. If you delete this exception
statement from all source files in the program, then also delete it here.

According to mrflea, the only file that is linked against the OpenSSL code would be libratbox/src/openssl.c, so that fix should be rather trivial.

[kaniini]

We have already discussed this amongst many stakeholders involved in that code, and it is general consensus that nobody has sufficient authority to do this, as the I/O subsystem originally comes from squid. It would, at the very least, require Adrian Chadd's approval.

[anarcat]

well, this means then that charybdis is infringing the GPL by linking against OpenSSL. i don't understand how we can simply close this and move on.

[micah]

I looked at libratbox/src/openssl.c and I don't see Adrian Chadd anywhere in the copyright:

• Copyright (C) 2007-2008 ircd-ratbox development team
• Copyright (C) 2007-2008 Aaron Sethman androsyn@ratbox.org

I don't get how squid or Adrian Chadd are involved here at all? If he wrote this code, why are those people's names on it?

[anarcat]

So the problem with that is that line:

Copyright (C) 2007-2008 ircd-ratbox development team

This can be anybody and everybody, basically. I started digging in ratbox's history through their SVN repo, and Aaron Sethman (androsyn) is a significant contributor to openssl.c. The file itself was created by androsyn on 2007-07-24 when the openssl code was centralised and made optional. I couldn't dig further down in the history because I can't reach their svn server reliably. I stopped trying to look at revision 24055.

Other information about ratbox:

• it was accepted in Debian in 2007 (see the ITP)
• in the debian package, SSL support was activated in 2008 with gnuTLS and uploaded in Debian in 2010 with 3.0.6.dfsg-1
• it is a "dfsg" because doc/technical/rfc1459.txt was removed, not because of OpenSSL as I first thought
• the upstream contact is ircd-ratbox@lists.ratbox.org
• ratbox itself claims SSL support through OpenSSL shamelessly, so they have similar license issues than charybdis, however the Debian package uses the gnutls binding
• there's a patch in the debian package for the gnutls support, which was included in 3.0.7, and which charybdis doesn't have - other than that, the gnutls code is identical
• I have tried to make SSL work in ircd-ratbox for a while then gave up, I can only assume it has the same problems as charybdis at this point

[anarcat]

After converting the libratbox SVN repository into a git repo (!), I was able to process the archeology of openssl.c. That file was almost completely authored by Aaron Sethman androsyn@ratbox.org, with some bits by jilles. dukbat also updated the copyright header in 2012. However, the code was first introduced (in http://svn.ratbox.org/svnroot/libircd/trunk@24005 or 2e52aba7 in git) within src/commio.c, which was part of the original IRCd, so:

• Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
• Copyright (C) 1996-2002 Hybrid Development Team
• Copyright (C) 2002-2005 ircd-ratbox development team

Now whether or not one would need approval from those 2 vague entities and WiZ is beyond my comprehension of the software copyright law.

So to change the copyright, we would need approval, I believe, of at least ircd-ratbox@lists.ratbox.org, then explicitely from androsyn, then probably also dukbat and jilles, and then maybe also from the Hybrid team (!) and Jarkko and finally possibly even from all the remaining mess of authors in doc/old/authors (see also debian/copyright for the astounding coypright maze of charybdis).

[anarcat]

more information on this mess:

12:03:43 <@nenolod> changing the license is not possible, as i mentioned
12:04:41 <anarcat> why?
12:05:28 <@nenolod> essentially, commio.c is derivative work of squid
12:05:54 <anarcat> but you consider openssl.c to be a derivative work of commio.c?
12:06:23 <@nenolod> it doesn't matter, by FSF guidelines, they count the entire library the entire library linking
12:06:26 <@nenolod> oops
12:06:33 <@nenolod> the entire library linking
12:06:47 <@nenolod> so one file having an exemption does not matter
12:07:02 <anarcat> okay
12:07:05 <@nenolod> the other files would have to carry the same exemption due to having external linkage
12:07:13 <anarcat> so ircd-ratbox and charybdis are infridging the GPL
12:07:33 <@nenolod> in the configuration of having SSL linked into that code yes
12:07:43 <anarcat> well, it's the only configuration left is it
12:07:52 <@nenolod> there is 'build without ssl'
12:08:00 <@nenolod> the practical value is
12:08:05 <@nenolod> we can probably get away with it
12:08:12 <@nenolod> but it's ... less than kosher
12:08:31 <anarcat> well, *we* can't get away with it in debian
12:08:44 <anarcat> this makes charybdis + ssl basically impossible to redistribute
12:08:57 <anarcat> so it makes the package unusable