On Mon, Jul 04, 2016 at 08:33:02AM +0200, Florian Weimer wrote:
cryptlib is licensed under the Sleepycat license with a SaaS
“Note that decoupling the software from the user, for example by running in
a SaaS configuration, does not exempt you from these requirements.”
(Full text attached.)
This was not part of the original Sleepycat license, so a new license tag is
Maybe this license is not even free; this additional clause seems to be a
restriction on use. But perhaps it is not so different from the AGPL.
It's not really clear how the additional sentence modifies "these
requirements". I suppose it suggests that the author equates "running
in a SaaS configuration" as equivalent to "redistribution". This
degree of restrictiveness is difficult to reconcile with either GPLv2
I am also mindful of the interpretive principle I used to occasionally
espouse, essentially that we should scrutinize especially closely the
conditions of any bespoke copyleft license (or standard copyleft
license apparently supplemented by bespoke informal restrictive
interpretive statements), where the business model of the licensor is
some variant of 'proprietary relicensing', as (it seems) here.
So, overall I'm inclined to say this license (which is not equivalent
to the Sleepycat license) is free but should be treated as
incompatible with GPLv2 and GPLv3, despite the author's effort to
benefit from the traditional understanding of GPL compatibility of the
original Sleepycat license, and despite my earlier comment.
Separately, I am going to notify Patrick Masson of the Open Source
Initiative that cryptlib appears to be improperly claiming OSI
certification based on the use of a license that is not OSI-approved.