Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library

To: debian-devel <debian-devel@lists.debian.org>
Cc: debian-legal@lists.debian.org, 218832@bugs.debian.org
Subject: Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
From: John Belmonte <jvb@prairienet.org>
Date: Sat, 08 Nov 2003 20:11:53 -0500
Message-id: <[🔎] 3FAD9459.8080402@prairienet.org>
In-reply-to: <[🔎] 20031108194321.GI20214@deadbeast.net>
References: <20031102220146.DB2C11703E@beowulf.thanes.org> <3FAA7C92.9090809@prairienet.org> <20031106171610.GA2242@thanes.org> <3FAA9F77.3010408@prairienet.org> <[🔎] 20031108194321.GI20214@deadbeast.net>

Branden,

I don't disagree with anything you've stated regarding my sloppyarguments. However, as you are implying on a public forum that I don'tgrasp the subject matter of licenses, I'm going to defend myself a little.

I wrote, unfortunately, "If the library as a whole must be under GPLlicense, how is it significant that parts of it were once under LGPL oron the public domain?" What I meant was if a library file (in objectform) contains both GPL and non-GPL'd software, how is it significantthat any of it is non-GPL? This was from the admittedly narrow point ofview of an application that can't use GPL'd software, a case I had stuckin my head. The libnettle maintainer pointed out that it issignificant, because such an application can still statically link tothe library, assuming it only drew from non-GPL object files.

I'm interested in the notion of license metadata for file packages (inthe general sense)-- what the semantics would be, whether or how itcould be useful, etc. As someone pointed out, there is no such thingfor Debian packages. But ITP's do have the "License" field, so I wasasking about the semantics of an entry like "GPL, LGPL, public domain".Here it means that parts of the package are covered by one license,parts by another, etc. It doesn't always mean this. See<http://bugs.debian.org/205951>, for example.



Regards,
-John Belmonte


Branden Robinson wrote:

[Follows set to debian-legal.]

On Thu, Nov 06, 2003 at 02:22:31PM -0500, John Belmonte wrote:

If the library as a whole must be under GPL license, how is itsignificant that parts of it were once under LGPL or on the publicdomain? The purpose of the License field is to tell the user whatlicense the software in the package is under, not to give a history ofprevious or constituent licensing.



I don't think you understand licensing very well.  If more than one
party still holds copyright in an aggregate work, no one party can make
a single license apply to the work "as a whole", as you say.

What do you mean by "once under the LGPL or public domain"?  What
mechanism do you propose causes works to stop being licensed under the
LGPL, or withdrawn from the public domain?  Mere distribution in
compliance with the terms of the GNU GPL is certainly not such a
mechanism.

"Historical" (i.e., inapplicable) licensing is not necessarily something
that needs to be explained in a debian/copyright file, though it might
be of use to people if there are many confused questions on the subject
with respect to a given package.

"Constituent license" is indeed apropos for debian/copyright, as it's
reasonable to expect our users to be bound by those licenses if they
attempt to modify or further distribute the packge in question.

I suggest you scrutinize the licenses in your own packages more closely,
as you appear to have been working from a number of invalid assumptions.

If you have any questions, please consult the debian-legal mailing list
for advice.



--
http:// if  ile.o g/

Reply to:

References:
- Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
  - From: Branden Robinson <branden@debian.org>

Prev by Date: Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
Next by Date: Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
Previous by thread: Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
Next by thread: ttfn
Index(es):
- Date
- Thread