On Sat, Mar 20, 2010 at 01:33:43PM -0700, Russ Allbery wrote: > Ben Hutchings <ben@decadent.org.uk> writes: > > On Sat, 2010-03-20 at 12:03 -0700, Russ Allbery wrote: > >> The primary problem with using OpenSSL with OpenLDAP is NSS and PAM > >> modules, which pull the libraries into just about any GPL'd (or > >> other-licensed) package in the distribution in one way or another. > > [...] > > Applications that use NSS/PAM, and individual NSS/PAM modules, are > > useful without the other and it is a matter of user configuration > > whether they are used together at all. The OpenLDAP modules are not > > used by default. So I don't see that copyleft licences of applications > > using NSS/PAM can possibly extend to them. > My understanding is that that's not the standard that Debian has > historically applied, and I don't think it's particularly useful for > anyone who isn't a lawyer (such as myself) to debate it. I've always taken care to ensure the PAM modules enabled by default on the system have licenses compatible with everything that might be above them in the stack, which means no GPL- or OpenSSL-licensed library dependencies. However, we've had a number of PAM modules packaged for some time which fall on one side or the other of the GPL divide, and I think these are perfectly reasonable to have in the archive *as long as* we aren't shipping any packages that pull in incompatibly-licensed PAM modules and binaries as dependencies. The real problem with using OpenSSL with OpenLDAP is the software that is GPL-licensed and links to libldap *directly*. Samba and GNOME come to mind. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature