
Re: openssl and GPL



On Sun, Apr 21, 2002 at 04:24:03PM -0500, Steve Langasek wrote:
> There have always been problems linking GPL code with BSD code, so long
> as the GPL has existed.  Only code licensed under the new,
> recently revised BSD license can be linked with GPL code.  OpenSSL 
> doesn't use such a new-style BSD license.

So I take it that the advertising clause is the only problem with
the OpenSSL license?

And can I also assume that the copyright holders have been contacted
about this (probably billions of times), but don't want to change the
license, for some reason?

> > 2. Is <URL:http://www.openssl.org/support/faq.html#LEGAL> wrong? i.e.
> > "the GPL does not place restrictions on using libraries that are part of
> > the normal operating system distribution".
> 
> The actual wording of the GPL in this regard is
> 
>   The source code for a work means the preferred form of the work for
>   making modifications to it.  For an executable work, complete source
>   code means all the source code for all modules it contains, plus any
>   associated interface definition files, plus the scripts used to
>   control compilation and installation of the executable.  However, as a
>   special exception, the source code distributed need not include
>   anything that is normally distributed (in either source or binary
>   form) with the major components (compiler, kernel, and so on) of the
>   operating system on which the executable runs, unless that component
>   itself accompanies the executable.
> 
> The current interpretation of this accepted by Debian, which I've been
> unable to find fault with, is that if your operating system comes with
> OpenSSL, it's ok to link *third-party* GPLed works against it; but if
> you distribute a GPLed work together with the libraries it depends on,
> even as part of an OS distribution (such as Debian), then those
> libraries must all be licensed in a manner that's compatible with the
> GPL.

It is very vague. I wonder what the intention was.

However, I am a bit puzzled; does that mean:

- It is OK to distribute these programs if they are separate from
Debian?

- It is OK to distribute a closed source package that uses GPL packages
from Debian?

> The goals of the GPL are to ensure the greatest net level of software
> freedom, by trading certain user freedoms (unlimited use of the source
> code) for others (guaranteed availability of the source code of derived

My feeling is that these limitations aren't on the source code, but
the binary code. If it was only the source code, then the binary code
wouldn't matter.

So you can link X (GPL) against Y (BSD), but if the binary of Y is
changed (maybe without prior notice) to link against, say openssl, then
suddenly the original linkage breaks the GPL. Even though the original
program (X) has not changed, and has not even been recompiled.

Come to think of it, can the GPL really say "It is Ok to distribute
package X, but not if the version of Y supplied is linked into openssl"?

What if several compiled versions of Y have been made available, and
only one of these uses openssl? (let's assume that these different
versions can be used without recompiling, and that somehow the Depends
field allows this).

> works).  As such, I don't think it's ever in conflict with the goals of
> the GPL to prevent linking with code that doesn't provide users with the
> same set of freedoms that the GPL itself does (or a superset thereof).
> You may argue that you place greater value on the freedoms that
> BSD-style licenses give you, but by virtue of the advertising clause,
> the OpenSSL license nevertheless lacks one freedom that the GPL insists
> on; and as such, it's incompatible.
> 
> Given the long history of the GPL as a license, and the fact that it has
> undergone revisions in the past, I think it's awkward to argue that it
> doesn't really say what its authors meant for it to say.  Rather, I see
> the GPL as a principal source of insight into the goals of its authors.
> :)

I think that the GPL is vague and prone to misinterpretation.
For a good example, see above issue ;-).

The way I see Debian's interpretation of the GPL is that it is based on
the perspective of the end-user.

So under this interpretation, a user should be able to install only GPL
applications without their freedom being restricted by more restrictive
licenses.

However, if this was the case, shouldn't it still be OK simply to
provide two packages, one without the offending library, so the user has
the choice?

What would happen if a "Priority: required" package required OpenSSL?
Wouldn't this defeat the point of the restrictions set by the GPL? Since
any users would have to install openssl anyway?

Anyway, thanks for your response.
-- 
Brian May <bam@snoopy.apana.org.au>

