Re: Netatalk and SSL

[Steve Langasek <vorlon@debian.org>]

On Wed, Jun 21, 2006 at 12:56:44AM +0200, Tollef Fog Heen wrote:
> * Thomas Bushnell BSG 

> | If the GPL'd source is useful with various equivalent libraries, some
> | GPL-incompatible, some not, then the shipper of the GPL'd source is
> | not breaking any rules, because they are not necessarily intending to
> | combine their code with the incompatible code.

> | If you are shipping *binaries* however, which declare shared library
> | dependencies on the GPL-incompatible library, then that excuse
> | vanishes.

> So if you have:

> Package: foo
> Depends libfoo, libc6

> Package: libfoo
> Depends: libbar | libbar-ssl, libc6

> Package: libbar
> Depends: libc6

> Package: libbar-ssl
> Depends: libc6, libssl

> (Assume that foo, libfoo and libbar are all licenced under the GPL,
> libbar with a licence exception allowing it to be linked to openssl.
> Also assume that libbar and libbar-ssl are ABI-compatible.)

> Is this allowed?

I believe that it is, so long as we aren't shipping any other packages that
transitively depend on both foo and libbar-ssl, overriding foo's preference.

> Would it be allowed if the package stanza for libfoo read:

> Package: libfoo
> Depends: libbar-ssl | libbar, libc6

I believe that it is not.

If you want actual arguments on the subject, they're buried somewhere in
debian-legal archives from three years ago. ;)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/