On Wed, Aug 07, 2002 at 10:13:18AM -0500, Steve Greenland wrote: > On 07-Aug-02, 09:42 (CDT), Steve Langasek <vorlon@netexpress.net> wrote: > > On Wed, Aug 07, 2002 at 02:33:00PM -0000, Moshe Zadka wrote: > > > On Wed, 7 Aug 2002, Steve Langasek <vorlon@netexpress.net> wrote: > > > > If psi Depends: on libqssl1, then you have quite clearly stated your > > > > intention to create a derivative work. > > > > If psi does not Depend: on libqssl1, it is mere aggregation, and not > > > > restricted by the GPL. > > > What about Recommends:? > > I think any package relationship that could cause package management > > software we ship to pull libqssl1 in by default when psi is installed is > > too strong. > That's not a very useful distinction: But I believe this is where the law would draw the line. > whether or not Recommends and Suggests are automatically fulfilled is > configurable in aptitude. The question is whether our software will pull it in *by default*. If the user has to take some action in order for libqssl1 to be pulled in, whether it's a one-time configuration of the packaging front-end or manually selecting the library at install-time, I believe that's sufficient. (But IANAL.) > Intent, on the other hand, may mean something. Obviously(?), if the > package won't run without installing the questionable library, then the > intent is that they be used together, and the license is violated. If it > runs okay without it, but automatically uses it if present, then it's > more debatable, although my personal opinion would be that since we are > distributing the library, our intent is that they be used together, and > thus we are back to a violation. > I'd be a lot more comfortable is the user had to make an active decision > to combine the packages (more than just installing libqssl1, as that may > be pulled in by something else). And that's fine, too; certainly we wouldn't get in trouble legally by being cautious. Steve Langasek postmodern programmer
Attachment:
pgp7qxuVE1RiC.pgp
Description: PGP signature