Uploaded image for project: 'Legal Discuss'
  1. Legal Discuss
  2. LEGAL-393

Shipping boringssl/OpenSSL binaries along Apache Flink

    XMLWordPrintableJSON

    Details

    • Type: Question
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Component/s: None
    • Labels:
      None

      Description

      As part of providing the ability to use an OpenSSL-based SSL engine in Apache Flink, I need to include the netty-tcnative binaries into our flink-shaded-netty-4 artifacts. netty-tcnative itself is Apache 2 licensed, but since both OpenSSL as well as boringssl (a fork of OpenSSL) are BSD-style licences (https://github.com/google/boringssl/blob/master/LICENSE, https://www.openssl.org/source/license.html) and not Apache 2 (yet?), I was a bit worried about the implications and which way to go.

      The following options are available:

      a) using a jar file with native code dynamically linked against system OpenSSL libraries (there the jar contains only Apache 2 code)
      b) using a jar file with statically linked binaries

      Now both have their individual technical consequences but which of these two (if any) qualifies from a legal perspective and what are the implications?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                NicoK Nico Kruber
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: