[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Who needs libcurl3? (was libcurl3-dev: A development package linked again gnutls needed)

[Bartosz Fenski]
> Seems that part of developers think that indirect linking with
> OpenSSL is ok, and part think it's not.

Yeah.  Well.  Stand back and look at why this 'linking' thing matters
in the first place.  The point is to determine whether one work is a
"derivative" of another work.  If it is not, copyright law doesn't let
the author of the second work have any influence on the licensing of
the first.

If you link to libldap2 or libcurl3 but your program would work just as
well whether or not those libraries have openssl support, it's really
hard to argue that *you* are deriving your code from Eric Young or the
OpenSSL project.  Or vice versa.  You wrote your code to call LDAP
functions, or web downloading functions, you didn't care then and don't
care now how those functions work.  Didn't care then and don't care now
whether they can utilize https:// or ldaps:// at runtime.  The
functions themselves were licensed to you in a manner you could use.

The whole "linking is deriving" thing is shaky for other reasons too.
For instance, it's pretty widely known or believed that mere interfaces
can't be copyrighted.  And when you get right down to it, when your
program uses a library, it's really just using the published interface.
But that's an argument for another day, and probably another list.

> What is an official statement?

There is none.  Debian generally errs very conservatively with regard
to license violations, though, because of the Tentacles of Evil
principle.  That is: if we ship some software and the authors don't
mind how we're doing it but we're technically in violation of some
license provision - and later one of the authors is bought out by some
Big Evil Corporation - then the B.E.C. can cause a lot of trouble for
Debian and our users.  This is a situation Debian tries very hard to

Attachment: signature.asc
Description: Digital signature

Reply to: