Re: GnuTLS in Debian

To: Clint Adams <clint@debian.org>, "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: GnuTLS in Debian
From: Dimitri John Ledkov <xnox@debian.org>
Date: Mon, 23 Dec 2013 20:58:36 +0000
Message-id: <CANBHLUgmSLOX8xWZy8c0sovHQsX=e-4fdtvWm_wK76fYmL7E3g@mail.gmail.com>
In-reply-to: <20131223200432.GA6049@scru.org>
References: <20131222191240.GA3241@downhill.g.la> <slrnlbejcf.4q0.jmm@inutil.org> <20131222232540.GA17565@bongo.bofh.it> <20131223001556.GA6655@virgil.dodds.net> <20131223160457.GA18428@bongo.bofh.it> <1387818795-sup-6671@clint-HP> <8761qf75za.fsf@windlord.stanford.edu> <20131223200432.GA6049@scru.org>

On 23 December 2013 20:04, Clint Adams <clint@debian.org> wrote:
> On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote:
>> There is no way to change the OpenSSL license.  The project doesn't use
>> copyright assignment and the number of contributors is far too large to be
>> able to track them all down and get their permission.
>
> I do not believe that either of these statements is categorically true.
>
> If I recall correctly, similar things were said about freeing Moria and
> Angband, then it turned out that it would have been trivial to contact
> Robert Koeneke if anyone had actually bothered to try.
>
> The OpenSSL license terms are terrible.  That, the awful build system,
> the awful API, and some of the crypto are reasons that we should not use
> OpenSSL at all for anything.  But instead we run around harming free
> software by making GPL exceptions and pretending that OpenSSL is good
> and tolerable.
>
> As an intellectual property abolitionist, I'll refrain from weighing in
> on the ethical issues of adhering to stupid license terms.
>

While I'd want to agree, on the other side we have FSF with the GNU
Project that purposely restrict license terms, resulting in in
GPLv2-only software not able to use any recent crypto library.

To me it looks like FSF/GNU project are acting against the spirit of
the free software here. Explicitly what they promise not to do with
their copyright assignment. This is not the first time this happened
as well. With the move to GPLv3, Apple has seized upstream gcc
development and instead works on llvm/clang. Which imho is a technical
loss for the project. And I can't recall the tls/CUPS issue at the
moment.

On these grounds I have not signed FSF copyright assignment. What's
the point, if further down the line, my software will not be available
to be used by a wide opensource community as possible, or be limited
in some way.

I hope that everyone agrees that OpenSSL advertisement clause has very
little publicity, monetary, or otherwise benefit these days. And I
presume FSF/GNU would also see it as such. When GPLv3/AGPLv3 were in
the process of being drafted, the drafter were well aware that linking
with OpenSSL has not been resolved, on blanket or on opt-out basis.
E.g. I pretty sure the world would not collapse if a new revision of
GPLv3.x license terms have "This product includes software developed
by the OpenSSL Project for use in the OpenSSL Toolkit.
(http://www.openssl.org/)" unless otherwise stated and have the
appropriate OpenSSL licensing exception. And it would truly become a
relief.

At this point I'd like to champion the recent big company / project to
grant OpenSSL linking exception, for an otherwise AGPLv3 software.
10gen granted a blanket OpenSSL linking exception for MongoDB. I
cannot thank enough all the people who were involved in making this
happen: from Mark Shuttleworth, James Page and many others from Ubuntu
side and Laura Czajkowski (Community Manager at MongoDB) and the rest
of legal / technical / management teams on the 10gen.... and I guess
many other people who got involved.

In the spirit, of open source, and specifically in support of
(AL)GPLv2 software, FSF/GNU are positioned to make (AL)GPLv3 software
backwards compatible, enough to link against. Such that, e.g.
(LA)GPLv2 code can link against (AL)GPLv3 code as long as (AL)GPLv3
code is not modified. If it is modified, those modification should be
re-distributed under the corresponding (AL)GPLv3 license. This would
open up the route for projects to move forward to v3 license terms if
they can and want, for the benefits/terms that those offer, without
hammering everyone "left behind", and without using dual-license terms
which pretty-much all/any benefits of the v3 clauses. This would also
be a great relief to everybody.

Designing v3 license terms, to be incompatible with v2, looks to me as
an "embrace, extend and extinguish" tactic, except it seems to
targeted at the open source software movement itself, that the FSF
helped to establish.

"License Must Not Be Specific to Debian" or, imho, any specific
projects, because well it's in-feasible and is causing real problems
for distributions. Maybe it is finally time to fix GPL?!

-- 
Regards,

Dimitri.

Reply to:

References:
- GnuTLS in Debian
  - From: Andreas Metzler <ametzler@debian.org>
- Re: GnuTLS in Debian
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: GnuTLS in Debian
  - From: md@Linux.IT (Marco d'Itri)
- Re: GnuTLS in Debian
  - From: Steve Langasek <vorlon@debian.org>
- Re: GnuTLS in Debian
  - From: md@Linux.IT (Marco d'Itri)
- Re: GnuTLS in Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: GnuTLS in Debian
  - From: Russ Allbery <rra@debian.org>
- Re: GnuTLS in Debian
  - From: Clint Adams <clint@debian.org>

Prev by Date: Re: GnuTLS in Debian
Next by Date: Re: GnuTLS in Debian
Previous by thread: Re: GPLv2-only considered harmful
Next by thread: Re: GnuTLS in Debian
Index(es):
- Date
- Thread