Fwd: possible license violation (was: libssl and zlib1g)

To: debian-legal@lists.debian.org
Cc: Michael Ablassmeier <abi@grinser.de>, 375810@bugs.debian.org, kobold@debian.org
Subject: Fwd: possible license violation (was: libssl and zlib1g)
From: "Robert Millan [ackstorm]" <rmillan@ackstorm.es>
Date: Thu, 27 Jul 2006 11:47:06 +0200
Message-id: <[🔎] 20060727094706.GA6954@acklap>
In-reply-to: <20060727093204.GA6775@acklap>
References: <20060628082150.GA23531@acklap.ackstorm.es> <20060725121245.GA20442@jail.schiach.de> <20060727080738.GB4771@acklap> <20060727085005.GA68650@jail.schiach.de> <20060727093204.GA6775@acklap>

Actualy, I'm not sure if indirect linking of GPL with "original BSD" license is
a violation as well.

Summary for debian-legal:

  - zabbix (GPL) links with libsnmp (revised BSD)
  - libsnmp links with libssl (original BSD)

On Thu, Jul 27, 2006 at 11:32:04AM +0200, Robert Millan [ackstorm] wrote:
> On Thu, Jul 27, 2006 at 10:50:05AM +0200, Michael Ablassmeier wrote:
> > hi robert,
> > 
> > On Thu, Jul 27, 2006 at 10:07:38AM +0200, Robert Millan [ackstorm] wrote:
> > > It seems that zabbix is explicitly checking for and linking with libz and
> > > libcrypto.  Look at the logs:
> > > 
> > >   checking for compress in -lz... yes
> > >   [...]
> > >   checking for main in -lcrypto... yes
> > >   [...]
> > >   gcc  -Wall -g -O2   -o zabbix_server [...] -lz [...] -lcrypto
> > 
> > well, i have just had a look at other packages build-depending on
> > libsnmp-dev, and  all ive had a look at  add -lcrypto to the linking
> > flags on build time, as this seems to bee needed when linking against
> > snmp stuff:
> > 
> >  from ifstat's configure.in:
> >          # Setting to be able to force linking with -lcrypto..
> > 
> >  from netmgr's configure.in:
> >         # Net/UCD-SNMP includes v3 support and insists on crypto unless
> >         # compiled --without-openssl
> 
> Since libsnmp is *already* linking with libz and libcrypto, if zabbix itself
> doesn't use them directly, there's no need for a direct link.
> 
> > > However (and this a more important fact that I overlooked), in the case of
> > > openssl it would be illegal to link a GPL program with it, since the OpenSSL
> > > developers added an advertising clausse that makes it incompatible.  A
> > > Build-Conflicts should be present in order to avoid this from happening.
> > > Alternatively, you could link it with GnuTLS compat layer to see how it works
> > > out.
> > 
> > *sight*, i have feared this might be the case. However, i dont quite
> > understand the case here. Zabbix does not use any of the openssl headers
> > or functions in its code and is nevertheless linking against libcrypto
> > which is needed because libsnmp9-dev is linked against openssl.
> 
> Then it's not really needed.  Just disable the -lcrypto flag (or add a
> Build-Conflicts).
> 
> If you want an explanation for this non-sense, I think the most plausible one is
> that they enabled direct linking with libz/libcrypto as a workaround for static
> binary brokenness.  I.e. you can't build a static zabbix without "-lz -lcrypto"
> 
> > Fabio,
> > what do you think about this? Should i start ask Alexei for permission
> > about linking against openssl so we are on the safe side?
> 
> Unless Alexei recieved copyright assignment papers from all significant
> (~>15 lines) contributions, he can't really (legaly) do that.
> 
> -- 
> Robert Millan
> 
> ACK STORM, S.L.  -  http://www.ackstorm.es

-- 
Robert Millan

ACK STORM, S.L.  -  http://www.ackstorm.es

Reply to:

Prev by Date: Nuestro Himno Banner.
Next by Date: Re: DomainKeys license(s)
Previous by thread: Nuestro Himno Banner.
Next by thread: Re: DomainKeys license(s)
Index(es):
- Date
- Thread