[Libwebsockets] License obligations

Andy Green andy at warmcat.com
Tue May 4 17:07:48 CEST 2021



On 5/4/21 2:29 PM, krushith rao wrote:
> Hello,
> 
> I am using libwebsockets to build a commercial application. Since 
> libwebsockets is under MIT license, I need to provide attribution and 
> copyright notice in the redistribution of my application.
> Unfortunately, I have found that in the license folder that 

...

> libwebsockets also includes other programms which are under different 
> permissive licenses like BSD clause 2, Apache 2.0 and Public domain 
> license. So, to comply with license of the other components included in 
> the libwebsockets, do i need to provide a copy of BSD clause -2, apache 
> 2.0 and public domain license in the redistribution of my application. 

I Am Not A Lawyer, but from my side for my code, it's OK for me if you 
point to ./LICENSE in the version of lws gitweb you built, something like

https://libwebsockets.org/git/libwebsockets/tree/LICENSE?h=v4.2-stable

since that file describes the main license and the gnarly details.

To help with that, I bolstered what's in LICENSE on main with copies of 
the mentioned licenses from the sources elsewhere in lws.  There is no 
change to the license, it's just copying the unchanged license text from 
some lws files into one place as an additional convenience after the 
license stuff that was already there.

Apart from MIT, and CC0 which has no requirements on you, the imported 
pieces are only built into binaries under specific circumstances.

  - BSD3: the related SHA-1 implementation for ws is only built if you 
a) use we protocol with lws, and b) don't build with 
`-DLWS_WITHOUT_BUILTIN_SHA1=1` ... that disables the code in question 
and uses the tls library sha-1 instead.

  - ZLIB: zlib... this is not built into your binary by default, you 
have to enable `-DLWS_WITH_ZLIB=1` and then be building for windows 
before it gets built into lws.  So unless you did that, the license 
won't apply to the binary since no zlib code is built.

  - APACHE2: this is for the mbedtls wrapper, if you build against 
anything except mbedtls (openssl, wolfssl, libressl, boringssl etc) it 
will not apply to your binary since it's not built in there.

So AIUI you have a way to avoid having to deal with the requirements of 
those additional licenses **for binary distribution** by ensuring the 
related code was not built into your binary.  For source distribution, 
you have to observe them, but AFAIK just serving someone the unchanged 
tarball is compliant for that.

You can also send patches with MIT-licensed alternatives I can swap 
these things out for.  But I think you will find, if you have to 
consider that, it's not really so "unfortunate" we got some free 
implementations we can use or base off without rewriting them.  It'd be 
ideal if everyone agreed on one liberal license so no impedance mismatch 
(some of the composed code was already MIT, so it does happen), but 
that's not how it is out there at the moment.

-Andy


> If so, please let me know.
> 
> Thanks in advance
> 
> Regards,
> sand
> 
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
> 


More information about the Libwebsockets mailing list