[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cryptographic software in main archive

On Sun, Mar 24, 2002 at 10:58:44AM +1000, Anthony Towns wrote:
> (Public followup since this'll probably come up again. Discussion should
> probably go to debian-legal@lists.debian.org)

> On Sat, Mar 23, 2002 at 09:20:03PM +0100, Marek Michalkiewicz wrote:
> > > 	* There are a whole bunch of GPLed programs that link against
> > > 	  libssl. This isn't okay, see the OpenSSL FAQ's response:
> > > 	      http://www.openssl.org/support/faq.html#LEGAL2
> > > 	  We've been lax about this in the past, we'll try to get this
> > > 	  right as packages are uploaded to main.
> >   2. Can I use OpenSSL with GPL software?
> >   On many systems including the major Linux and BSD distributions, yes
> >   (the GPL does not place restrictions on using libraries that are part
> >   of the normal operating system distribution). 

> Sorry, this isn't precisely accurate on the OpenBSD folks part. The GPL
> allows you to use this exception "unless [the library] accompanies the
> executable" which it would if the executable were allowed into main. It's
> the exact same situation we had with KDE/Qt.

With this reasoning, the only other way it's legal to distribute 
GPL binaries linked against glibc and other LGPLed libraries (which 
are also distributed in main) is if those LGPLed libraries are
distributed under the GPL, per section 3 of the LGPL.  There is no 
qualitative difference between glibc and OpenSSL in this regard; if one 
must be GPLed to be linked against, then so must the other.  And we 
can't distribute glibc under the terms of the GPL, because then we can't 
link any other /non/ GPL software against it.

If your interpretation of the GPL is correct, we are therefore in
violation of the GPL for distributing any GPLed binaries together with
LGPLed glibc binaries.  Either additional clarification of the GPL is
necessary to protect all Linux distributors from being taken to court
for license/copyright violation; or this is a misinterpretation of what
it means for a component to "[accompany] the executable", and
distribution of GPL binaries together with glibc really /is/ permitted
-- in which case, we must again ask the question of why the same
exemption would not be extended to the OpenSSL libraries.

Steve Langasek
postmodern programmer

Attachment: pgp_QzH_8G40V.pgp
Description: PGP signature

Reply to: