GPL applications using Python (OpenSSL issue?)
Can GPLv3+ applications written in Python exist in Debian main? The
applications in question do not use an openssl exception.
Python uses OpenSSL so the moment the application starts, it is linking
against it too:
$ objdump -p /usr/bin/python2.6 | grep NEEDED
NEEDED libpthread.so.0
NEEDED libdl.so.2
NEEDED libutil.so.1
NEEDED libssl.so.0.9.8
NEEDED libcrypto.so.0.9.8
NEEDED libz.so.1
NEEDED libm.so.6
NEEDED libc.so.6
In my case I am talking about a GPLv3+ package that exists in Debian --
kupfer
Where do I draw the line for using/linking against ssl?
a) Using Python2.6
b) Unintentionally introducing _ssl or ssl into the imported modules
(import any of urllib, httplib, socket etc!)
c) Unintentionally using ssl (use urllib.urlopen on URL provided by
user -- if it's https we are using openssl)
d) Intentionally using ssl (import ssl and use httplib.HTTPSConnection
and verify certificates)
Kupfer is today at (c) in the debian archive. It exists in development
version at (d).
Clearly (d) has provoked thought but upon investigation I see that
"import ssl" only triggers "import _ssl" which in turn is an almost
no-op because _ssl is a built-in module in Python 2.6.
Is this easier to answer than I think it is?
Ulrik
Reply to: