Fwd: possible license violation (was: libssl and zlib1g)
Actualy, I'm not sure if indirect linking of GPL with "original BSD" license is
a violation as well.
Summary for debian-legal:
- zabbix (GPL) links with libsnmp (revised BSD)
- libsnmp links with libssl (original BSD)
On Thu, Jul 27, 2006 at 11:32:04AM +0200, Robert Millan [ackstorm] wrote:
> On Thu, Jul 27, 2006 at 10:50:05AM +0200, Michael Ablassmeier wrote:
> > hi robert,
> >
> > On Thu, Jul 27, 2006 at 10:07:38AM +0200, Robert Millan [ackstorm] wrote:
> > > It seems that zabbix is explicitly checking for and linking with libz and
> > > libcrypto. Look at the logs:
> > >
> > > checking for compress in -lz... yes
> > > [...]
> > > checking for main in -lcrypto... yes
> > > [...]
> > > gcc -Wall -g -O2 -o zabbix_server [...] -lz [...] -lcrypto
> >
> > well, i have just had a look at other packages build-depending on
> > libsnmp-dev, and all ive had a look at add -lcrypto to the linking
> > flags on build time, as this seems to bee needed when linking against
> > snmp stuff:
> >
> > from ifstat's configure.in:
> > # Setting to be able to force linking with -lcrypto..
> >
> > from netmgr's configure.in:
> > # Net/UCD-SNMP includes v3 support and insists on crypto unless
> > # compiled --without-openssl
>
> Since libsnmp is *already* linking with libz and libcrypto, if zabbix itself
> doesn't use them directly, there's no need for a direct link.
>
> > > However (and this a more important fact that I overlooked), in the case of
> > > openssl it would be illegal to link a GPL program with it, since the OpenSSL
> > > developers added an advertising clausse that makes it incompatible. A
> > > Build-Conflicts should be present in order to avoid this from happening.
> > > Alternatively, you could link it with GnuTLS compat layer to see how it works
> > > out.
> >
> > *sight*, i have feared this might be the case. However, i dont quite
> > understand the case here. Zabbix does not use any of the openssl headers
> > or functions in its code and is nevertheless linking against libcrypto
> > which is needed because libsnmp9-dev is linked against openssl.
>
> Then it's not really needed. Just disable the -lcrypto flag (or add a
> Build-Conflicts).
>
> If you want an explanation for this non-sense, I think the most plausible one is
> that they enabled direct linking with libz/libcrypto as a workaround for static
> binary brokenness. I.e. you can't build a static zabbix without "-lz -lcrypto"
>
> > Fabio,
> > what do you think about this? Should i start ask Alexei for permission
> > about linking against openssl so we are on the safe side?
>
> Unless Alexei recieved copyright assignment papers from all significant
> (~>15 lines) contributions, he can't really (legaly) do that.
>
> --
> Robert Millan
>
> ACK STORM, S.L. - http://www.ackstorm.es
--
Robert Millan
ACK STORM, S.L. - http://www.ackstorm.es
Reply to: