Re: Checking license compatibilty of (indirect) rdepends

To: debian-devel@lists.debian.org
Subject: Re: Checking license compatibilty of (indirect) rdepends
From: Russ Allbery <rra@debian.org>
Date: Wed, 13 Mar 2013 12:29:05 -0700
Message-id: <[🔎] 87620vxfni.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 0au61a-u54.ln1@argenau.downhill.at.eu.org> (Andreas Metzler's message of "Wed, 13 Mar 2013 19:49:06 +0100")
References: <[🔎] 0au61a-u54.ln1@argenau.downhill.at.eu.org>

Andreas Metzler <ametzler@downhill.at.eu.org> writes:

> I have tried in the past to find out what would break in Debian if we
> used a GnuTLS library which was licensed LGPLv3+ instead of LGPLv2.1+. I
> started going through packages (build-)depending on libgnutls-dev and
> reading their debian/copyright, checking for incompatible licenses.

> However after that there are still the indirect dependencies to
> consider, and which of these acually include a binary that ends up
> being dynamically linked to gnutls at runtime.

I don't know of any tools.  However, I will mention that one of the
immediate problems that we know we'll have is with OpenLDAP, which links
with GnuTLS.  OpenLDAP's license doesn't care, but the LDAP libraries in
turn are pulled into just about everything, most notably including PAM and
NSS modules.  (Where effective license boundaries are in that sort of
setup, if anywhere, is, of course, hotly debated.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Checking license compatibilty of (indirect) rdepends
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

Prev by Date: Checking license compatibilty of (indirect) rdepends
Next by Date: Bug#702990: ITP: vizigrep -- Graphical file contents search tool using regular expressions
Previous by thread: Checking license compatibilty of (indirect) rdepends
Next by thread: Bug#702990: ITP: vizigrep -- Graphical file contents search tool using regular expressions
Index(es):
- Date
- Thread