On Thu, Aug 12, 2004 at 03:22:34PM +0200, Daniel Stenberg wrote: > Please forgive a new subscriber if this subject already has been debated to > death. In that case, just let me know and I'll quietly crawl away again. > Ok, here's my explanation of the "problem": > There this package in recent Debian named 'curl' (using a MIT-like > license). It is built with OpenSSL (you all know the OpenSSL license). > With curl there comes two (that we care about here) debian packages > nowadays named libcurl2 and libcurl3 (libcurl3 being the new ABI and > libcurl2 the older one). Both are linked against the OpenSSL libraries. > Many applications use libcurl. Including several applications/packages in > Debian unstable that are GPL-licensed. > See where I'm drifting? Several packages in Debian unstable are licensed > GPL (without explicit allowance for linking with OpenSSL) but links with > libraries/components that link with OpenSSL... This creates binaries that > are not allowed to distribute due to GPL license violations. AFAICT. > I'm not a Debian guru, but I scanned through the list of apps depending on > curl to see what licenses they use, and I stopped when I had collected five > examples: > grip, logjam, ardour, fbi, xine-ui > They are all GPLv2 licensees. This is, in fact, a violation of the GPL as we understand it. It would be helpful if you could file bug reports (severity: serious) against these packages you've looked at, documenting the license problem. The maintainer may have further licensing information that's not documented in the package copyright file; or, OTOH, we may need to remove these packages from sarge if the question can't be resolved quickly. > (I'm sure someone with more Debian skill can do this checking better and > more accurate - these numbers were obtained by some rather crude and > error-prone scripts.) It's possible to quickly find a list of packages using libcurl2/3, but checking the licenses of these packages still requires human review of the copyright files. Thanks, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature