On Sat, May 04, 2002 at 06:01:24PM +0200, Matthias Klose wrote: > Brian May writes: > > Hello, > > It has come to my attention that a number of packages may be breaching > > the GPL by linking with libreadline instead of libeditline. > > For instance, I asked on debian-legal, and was told that no program may > > link both with libreadline and openssl because the licenses of these two > > packages are incompatible (if you disagree, please bring it up on > > debian-legal, not here). > > However, a number of programs do exactly this. Probably the most popular > > package is python2.1. > - the python binary is not linked against readline and openssl. > - the readline module is linked against libreadline > - the _socket module is linked against libssl > Is one of the following solutions legal: > - Build the standard _socket module without SSL support and add a > new (well, it was called python-ssl) package which builds the ssl > module with ssl support and diverts the package. > - Add a hack to the interpreter, so that the readline and _socket > modules cannot be loaded together. > - Replace readline with editline. Yes this solution is legal, but > I didn't check yet, if it's doable. I believe this is only an issue if we also ship python programs that use both modules. It may be the case that we do; but simply having both python modules available on the system is not a license conflict, and end-users are even allowed to write programs using both modules; they just can't be distributed with Debian without some resolution to the above issue. If we don't ship any python programs that depend on both SSL socket support and readline support, I believe providing a non-SSL-enabled socket module as the preferred socket module will satisfy the license requirements. If we have programs that do need both SSL and readline, then something needs to be changed -- either readline must be replaced with editline, or OpenSSL must be replaced with gnutls. Steve Langasek postmodern programmer
Attachment:
pgpNgmokCtIc4.pgp
Description: PGP signature