On Thu, Aug 19, 2004 at 10:02:06AM +0200, Francesco P. Lovergine wrote: > On Thu, Aug 12, 2004 at 04:17:22PM -0700, Steve Langasek wrote: > > > I'm not a Debian guru, but I scanned through the list of apps depending on > > > curl to see what licenses they use, and I stopped when I had collected five > > > examples: > > > > > grip, logjam, ardour, fbi, xine-ui > > > > > They are all GPLv2 licensees. > > > > This is, in fact, a violation of the GPL as we understand it. > Uhm, please clarify. E.g. I - an upstream - link a library which in turn > links openssl, but I do not use ssl related functions at all in my > sources. Could you explain why I should add a clause for openssl? > Linking with it is of course a choice of curl upstream (and maintainer) > and of course not mandatory. I (again the typical upstream) link using > curl API, which should hide those kind of details, tamquam non esset. > The only upstream which should add the clause is curl one AFAIK, if needed > (I don't know what sort of license it uses). If you admit indirect > linking vincula, we could probably remove a good portion of main > in debian, due to bsd-gpl problem. You are welcome to demonstrate that there is actually a bsd-gpl problem that would require removal of large portions of main. However, this has been the orthodox understanding of the GPL for longer than I've been involved in Debian, and is taken very seriously. If your understanding of the license exception requirements were correct, it would be a very easy loophole for people to exploit, using GPL-compatible library layers to "sanitize" the licenses of library dependencies. But in fact, the GPL's definition of source code is: The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. For GPL applications linked against curl, "all modules it contains" includes both libcurl and libssl. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature