Netatalk and OpenSSL licencing
Hi,
I'm asking for advice.
The best explanation can be found at this feature request on SourceForge:
http://sourceforge.net/tracker/index.php?func=detail&aid=890674&
group_id=8642&atid=358642
This is licence related. I'm using Debian, and prefer to grab
netatalk using the appropriate package [1]. However, this
package is not allowed to link to OpenSSL (and thus DHX
passwords are disabled) [2]. The reason comes from debian-
legal (don't ask *me*, I'm an ignorant user): "GPL software
linked against OpenSSL is not allowed in the main archive
without either a license exemption from the upstream author
of the GPL package, a change in the license of OpenSSL
itself, or a clear legal precedent sustaining the OpenSSL
FAQ's opinion on this point." [3]
In short, the OpenSSL and GPL are incompatible (as was
noted on this list in 2001), so you may link it yourself, but
may not distribute it because the GPL forbids it, despite that
both licences are considered "free". (Well, at least that's
what people on debian-legal claim).
Thankfully, both the OpenSSL FAQ [4] and the GPL FAQ [5]
give a solution: Add an exception to the licence, stating that
it really is OK with you to compile the whole bunch, link with
OpenSSL and put it in a package.
So, my question. Could you pretty please add the following
statement in one of your legal-blahblah files for both the 1.6
and 2.0 version? I just copied it from gnu.org [5]:
"In addition, as a special exception, the netatalk developers
give permission to link the code of this program with the
OpenSSL library (or with modified versions of OpenSSL that
use the same license as OpenSSL), and distribute linked
combinations including the two. You must obey the GNU
General Public License in all respects for all of the code used
other than OpenSSL. If you modify this file, you may extend
this exception to your version of the file, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version."
[1] http://packages.debian.org/netatalk
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=191790
[3] http://lists.debian.org/debian-legal/2002/debian-legal
-200210/msg00173.html
[4] http://www.openssl.org/support/faq.html#LEGAL2 (last
paragraph of answer)
[5] http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
Thanks a LOT!
And sorry to have distracted you from serious coding with
this silly feature!
I have since bother the maintainer of netatalk debina package and the
upstream maintainers. The latter are perfectly happy to make the exception
to the licence, but can not:
We have discussed this internally, and I fear it is not
possible to make that change.
Netatalk (at least 2.0) includes some GPL'ed code from other
projects, mostly libiconv and Samba. Distributing Netatalk
under a different license than the original GPL is AFAIKT
(IANAL) therefore impossible without getting the permissions
from the original authors and possibly all other contributors.
So: my questions:
1. Has anything changed in the statement made to debian-legal in 2002?
2. Is the netatalk upstream author correct that he cannot reasonably make
the exception (without asking all possible contributors)
3. Is there any way of getting netatalk with encrypted passwords in sarge?
I can think of source-only distributions, or asking to move it out of
main. However, I do not fully understand the implications of this. So:
what would be a possible next move? Maybe just put it in Sarge, and ask
FSF to sue you to create legal precedent? :-)
Kind regards,
Freek Dijkstra
[rant mode on]
PS: to play the devils advocate on this list: is this !@#&$(%$ really
necessary for me as an end-user to get open-source software to work? I'd
rather had spend all this time doing something *useful*. All lawyers on this
list: please find an other job. ;-)
[rant mode off]
Reply to: