[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

Steven Chamberlain <steven@pyro.eu.org> writes:

> So, merely as a result of the licensing, we could have a fascinating
> situation whereby:
> * BSD-licensed software contemplates switching from OpenSSL to LibreSSL
> * GNU-licensed software keeps using OpenSSL with license exception, or
> maybe someday switches to GnuTLS

> So, this reduces the amount of software that could potentially switch
> from OpenSSL from LibreSSL.  And since BSD and GNU software are unable
> to link against each other, it reduces the likelihood that something
> will indirectly link against OpenSSL and LibreSSL at the same time (the
> situation Russ Allbery described).

I'm not sure that I understand your argument.  In fact, this seems like a
rather strong argument *against* using LibreSSL.

Currently, GPL software can link with BSD software without any trouble.
It can't link with OpenSSL software without a license exception, but those
exceptions are relatively common.

In the world in which BSD software is linked with LibreSSL and the license
exceptions have not been changed to allow OpenSSL-derived software, now
(due to the way that Debian applies this rule transitively) GPL software
can't link against BSD-licensed libraries that link with LibreSSL, even
though previously this wouldn't be a problem due to the OpenSSL exception.

This seems like a very bad thing to me.

One can, of course, argue that we're too aggressive about this particular
licensing issue, but that's an argument that we've had multiple times in
the past, and it seems unlikely anyone is going to budge off their current

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: