Re: Interest in packaging GNU Shishi and GNU Generic Security Service?

[Russ Allbery <rra@stanford.edu>]

Simon Josefsson <jas@extundo.com> writes:
> Steve Langasek <vorlon@debian.org> writes:

>> I notice from
>> <http://josefsson.org/cgi-bin/viewcvs.cgi/shishi/README?rev=1.30&view=markup>
>> that this lib is distributed under the terms of the GPL only, so I have
>> my doubts that it's particularly useful for Debian to adopt it.  Is
>> there any particular reason that GNU shishi is not made available under
>> the LGPL?

> Some reasons are given in [1].  I don't quite follow.  Is there a
> problem with GPL'd software in Debian?

The problem is that you're drastically limiting what other software can
use the library.  For example, there would be no way that Debian could
link Cyrus SASL with shishi, because Cyrus SASL is used by a wide variety
of other packages including some that are not GPL-compatible.  No package
that uses shishi could also use OpenSSL.  No package that uses shishi
could, as I understand it, use it as part of an Apache module.  There are
lots of other, similar cases.

As a result, shishi is going to basically be a curiosity, not a serious
Kerberos alternative for Debian.  Given the difficulty involved in
building multiple versions of packages to allow a choice of Kerberos
implementations (if you look through Debian, you'll find that the ability
to use Heimdal or MIT Kerberos exclusively is already rather spotty and
some significant packages are only really maintained with one or the
other), the addition of licensing problems means that there's basically no
motivation for anyone to try to use shishi.

Most of the motivations for making a library GPL rather than LGPL do not
apply to shishi, since no one is going to free their software just to be
able to use shishi.  They're going to shrug and just use MIT Kerberos or
some other implementation with a permissive license instead.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>