Providing an openssl-linked pycurl
Some people, who submitted or commented on bug #515200 would like to have a
version of pycurl linked with OpenSSL, mostly because of features provided.
Before going ahead with that, the maintainer asked to have some opinion from
-legal, so with this post I'm trying to solicit comments.
According to my understandment:
- OpenSSL is released under a license which is GPL incompatible, unless an
exception to the GPL is used in the software compiled with it. Debian cannot
distribute GPL software released under the unmodified GPL and linked against
- pycurl is released under the LGPL (2.1 or later) or a MIT/X derivative
license based on the one of curl itself. Neither of these licenses is
incompatible with OpenSSL, and as for curl itself we should be able to
provide a version of pycurl which uses openssl.
Am I correct up to here?
Now, what would be the status of (unmodified) GPL python software which imports
pycurl? Is this considered the same as linking, and would it have to make sure
it uses the GNUTLS version, by depending on it?
This might open discussions about how to provide the feature tecnically (different module
names in python, conflicting packages, etc) and make sure legality is kept, but
in the meantime we'd just like a legal opinion on what would or would not be
ok. (also considering it's OK for a user to use GPL+OpenSSL software if he
wants, it's just not OK for us to distribute it).
Thanks a lot for your help and attention,