[Libwebsockets] License obligations

Bruce Perens bruce at perens.com
Tue May 4 23:56:43 CEST 2021


I am an intellectual property consultant, with an extensive history
regarding Open Source licensing, but not an attorney and not _your_
attorney. If you had a lawyer, I'd suggest you show this to them. But
obviously you don't. :-)

I could go down the list of which license requires that you carry a copy
along with the binary, and which doesn't, but it would make things more
complex and potentially lead to mistakes. I am going to suggest a simpler
strategy.

You (and Andy) are using and redistributing the contributed software under
the licenses granted to you. Andy has total rights to the part that he
wrote, but that is not the entire libwebsockets library. Neither you nor
Andy has any right to use and redistribute the software that he didn't
write in any way other than specified by the license.

Andy should always distribute the software with a copy of _ALL_ licenses in
a directory where that is easy to find, along with a note regarding what
licenses apply to what pieces.

You are probably integrating more than one Open Source component into your
product. Most people are. All licenses for all of the pieces, and a file
showing where you can get the original versions you used, should be in a
directory distributed along with your binary. The presence of this should
be indicated in some way to the user. They need to know it's there and to
be able to read it.

The point of this is that you don't make decisions about which license
requires what, which you are likely to get wrong. You just treat all of
them the same.

It doesn't sound like you are using any licenses that require you to
distribute source code. If you were, the instructions would be more
complicated.

    Thanks

    Bruce

On Tue, May 4, 2021 at 10:40 AM Andy Green <andy at warmcat.com> wrote:

>
>
> On 5/4/21 6:13 PM, krushith rao wrote:
> > Hello Andy Green
> >
> > Thank you so much for the information.
> > I have found LGPL 2.1 components at
> > *libwebsockets-4.1-stable/lib/abstract/protocols/smtp/smtp-sequencer.c*
> > & *libwebsockets-4.1-stable/include/libwebsockets/lws-mqtt.h*, which was
> > not included in the license folder of your repository. If you have
>
> Ugh... these are accidents that did not get updated when the rest of lws
> changed license to MIT.  Thanks for pointing them out.
>
> I pushed a patch on main, v4.2-stable, and v4.1-stable changing them to
> MIT (that they were already intended to be).
>
> -Andy
>
> > linked those specific components statically, please let me know.
> > Thanks in advance.
> >
> > Regards,
> > Sandy
> >
> > On Tue, May 4, 2021 at 5:07 PM Andy Green <andy at warmcat.com> wrote:
> >
> >
> >
> >     On 5/4/21 2:29 PM, krushith rao wrote:
> >      > Hello,
> >      >
> >      > I am using libwebsockets to build a commercial application. Since
> >      > libwebsockets is under MIT license, I need to provide attribution and
> >      > copyright notice in the redistribution of my application.
> >      > Unfortunately, I have found that in the license folder that
> >
> >     ...
> >
> >      > libwebsockets also includes other programs which are under different
> >      > permissive licenses like BSD clause 2, Apache 2.0 and Public domain
> >      > license. So, to comply with license of the other components included in
> >      > the libwebsockets, do I need to provide a copy of BSD clause -2, apache
> >      > 2.0 and public domain license in the redistribution of my application.
> >
> >     I Am Not A Lawyer, but from my side for my code, it's OK for me if you
> >     point to ./LICENSE in the version of lws gitweb you built, something
> >     like
> >
> >     https://libwebsockets.org/git/libwebsockets/tree/LICENSE?h=v4.2-stable
> >
> >     since that file describes the main license and the gnarly details.
> >
> >     To help with that, I bolstered what's in LICENSE on main with copies of
> >     the mentioned licenses from the sources elsewhere in lws.  There is no
> >     change to the license, it's just copying the unchanged license text
> >     from some lws files into one place as an additional convenience after
> >     the license stuff that was already there.
> >
> >     Apart from MIT, and CC0 which has no requirements on you, the imported
> >     pieces are only built into binaries under specific circumstances.
> >
> >        - BSD3: the related SHA-1 implementation for ws is only built if you
> >     a) use ws protocol with lws, and b) don't build with
> >     `-DLWS_WITHOUT_BUILTIN_SHA1=1` ... that disables the code in question
> >     and uses the tls library sha-1 instead.
> >
> >        - ZLIB: zlib... this is not built into your binary by default, you
> >     have to enable `-DLWS_WITH_ZLIB=1` and then be building for windows
> >     before it gets built into lws.  So unless you did that, the license
> >     won't apply to the binary since no zlib code is built.
> >
> >        - APACHE2: this is for the mbedtls wrapper, if you build against
> >     anything except mbedtls (openssl, wolfssl, libressl, boringssl etc) it
> >     will not apply to your binary since it's not built in there.
> >
> >     So AIUI you have a way to avoid having to deal with the requirements of
> >     those additional licenses **for binary distribution** by ensuring the
> >     related code was not built into your binary.  For source distribution,
> >     you have to observe them, but AFAIK just serving someone the unchanged
> >     tarball is compliant for that.
> >
> >     You can also send patches with MIT-licensed alternatives I can swap
> >     these things out for.  But I think you will find, if you have to
> >     consider that, it's not really so "unfortunate" we got some free
> >     implementations we can use or base off without rewriting them.  It'd be
> >     ideal if everyone agreed on one liberal license so no impedance
> >     mismatch (some of the composed code was already MIT, so it does happen),
> >     but that's not how it is out there at the moment.
> >
> >     -Andy
> >
> >
> >      > If so, please let me know.
> >      >
> >      > Thanks in advance
> >      >
> >      > Regards,
> >      > sand
> >      >
> >      > _______________________________________________
> >      > Libwebsockets mailing list
> >      > Libwebsockets at ml.libwebsockets.org
> >     <mailto:Libwebsockets at ml.libwebsockets.org>
> >      > https://libwebsockets.org/mailman/listinfo/libwebsockets
> >     <https://libwebsockets.org/mailman/listinfo/libwebsockets>
> >      >
> >
>


-- 
Bruce Perens K6BP
- Board Partner, OSS Capital LLC Venture Capital
- CEO, undisclosed startup