[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Checking license compatibilty of (indirect) rdepends

Andreas Metzler <ametzler@downhill.at.eu.org> writes:

> I have tried in the past to find out what would break in Debian if we
> used a GnuTLS library which was licensed LGPLv3+ instead of LGPLv2.1+. I
> started going through packages (build-)depending on libgnutls-dev and
> reading their debian/copyright, checking for incompatible licenses.

> However after that there are still the indirect dependencies to
> consider, and which of these acually include a binary that ends up
> being dynamically linked to gnutls at runtime.

I don't know of any tools.  However, I will mention that one of the
immediate problems that we know we'll have is with OpenLDAP, which links
with GnuTLS.  OpenLDAP's license doesn't care, but the LDAP libraries in
turn are pulled into just about everything, most notably including PAM and
NSS modules.  (Where effective license boundaries are in that sort of
setup, if anywhere, is, of course, hotly debated.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: