[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spring packages



Hi,

On Mon, Oct 26, 2009 at 12:55:41AM +0100, Marco Amadori wrote:
> On Monday 26 October 2009 00:44:48 Sylvain Beucler wrote:
> > On Sat, Oct 24, 2009 at 09:37:20AM +0800, Paul Wise wrote:
> > > >> Why do you override possible-gpl-code-linked-with-openssl?
> > > >
> > > > It is told on disclaimer on debian/control, for IRC chatting with a
> > > > former ftp master it came clear that if the code does not need any ssl
> > > > symbol, the conflict between openssl and gpl does not apply, even if
> > > > ldd seems to suggests the opposite. (Probably a lintian bug should be
> > > > open for that).
> > >
> > > Hmm. I've often seen people switch to the GNUTLS version of curl to
> > > get transitive GPL compliance.
> > 
> > IHMO linking through a wrapper is still linking, and needs to respect
> > the licenses.  Paul's suggestion seems wise (no pun intended ;)).
> 
> The linking is not explicit, if I build a libtorrent-rasterbar without ssl 
> support SpringLobby will end without ldd showing up this dependecy.

We (Debian) do distribute libtorrent-rasterbar with openssl support.
Short of fixing openssl's obnoxious license, the correct way would be
to create another libtorrent-rasterbar-(nossl|gnutls) package which
would not depend on openssl.


> And openssl license talks about "use", "distribute" and "advertise" which 
> SpringLobby don't do in any part of the code (as grep in the source or objdump 
> in the binary can show) or in the original tarball packaging.

It is not possible to escape a license's requirement by adding an
intermediate dependency.

What matters, in my opinion, is the final work, which is the
combination of the packages and all its linked dependencies.


> It sounds fine for me and there is a similar but different ( libtorrent-
> rasterbar is not GPL) debian-legal thread about it [0].
> 
> [0] http://lists.debian.org/debian-legal/2007/11/threads.html#00061

It seems to me that the majority of people who participated in this
discussion think that linking openssl with GPL'd code, even through
intermediate dependencies, is not permitted by the licenses.


@ http://git.debian.org/?p=pkg-games/springlobby.git;a=blob;f=debian/copyright;hb=HEAD
> Dislaimer: although SpringLobby links libtorrent-rasterbar, which could be
> built with openssl, SpringLobby uses none of its symbols (as in objdump -x
> springlobby | grep NEEDED); so no exception is needed.

This would be quite convenient here, but I believe this isn't the case.

-- 
Sylvain


Reply to: