Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
On Mon, Jul 14, 2014 at 01:32:40PM -0700, Russ Allbery wrote:
> In the world in which BSD software is linked with LibreSSL and the license
> exceptions have not been changed to allow OpenSSL-derived software, now
> (due to the way that Debian applies this rule transitively) GPL software
> can't link against BSD-licensed libraries that link with LibreSSL, even
> though previously this wouldn't be a problem due to the OpenSSL exception.
> This seems like a very bad thing to me.
Imho, this is a non-issue, due to the simple fact that we are not yet
shipping LibreSSL, and due to the fact that LibreSSL is still very
young. It took time to get the OpenSSL exception from upstreams, and
over time, maybe, there will be LibreSSL exceptions as well. Or the code
will be re-done to a point where the OpenSSL license might be dropped.
So far, LibreSSL is young enough so upstreams simply had no time to
amend their licenses, if they would want to allow LibreSSL, too.
It would be "very bad" if we would be forced to switch to LibreSSL right
now, but we aren't. No need to panic, really.