RFC: what to do about the open-iscsi GPL license vs. the open-ssl BSD license?

[The Lee-Man]

Hi All:

I believe there is a conflict between the current open-iscsi license and the open-ssl license, noticed recently when Chris Leech updated open-iscsi to use newer encryption algorithms.

You can see more about this on github, where it was brought up as an issue

It seems like there are several options, in order of progressively more work:

1. ignore this problem
2. add a disclaimer to our license
3. Revert the update Chris did
   
4. re-write open-iscsi encryption code to use a different package

It seems some other packages handle this case by simply ifdefing out the "offending" code. Of course others are welcome add a define to include that code, but by default this "fixes" the license issue. I do not like this approach, as many open-iscsi users care about authentication, and removing it would cripple open-iscsi IMHO.

Ignoring the problem won't fix anything, and I vote against reverting the changes Chris put in, as well as rewriting the code, as I'm no encryption expert and have no desire to become one. I would certainly be willing to entertain a patch series that did that, if any enterprising user wanted to do that work.

That leaves us with the disclaimer. I believe this will be good enough, as it has worked with other similar situations. And although I'm certainly not a lawyer, I so far have not seen anyone that worries about the open-iscsi license, with the exception of one distribution that runs nit-picking license checkers, just for fun. :)

So this is the official request for comment. Anyone?

--

The Lee-man