Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

To: debian-devel@lists.debian.org
Subject: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
From: Russ Allbery <rra@debian.org>
Date: Mon, 14 Jul 2014 13:32:40 -0700
Message-id: <[🔎] 87y4vvzno7.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 53C43D49.6070105@pyro.eu.org> (Steven Chamberlain's message of "Mon, 14 Jul 2014 21:27:53 +0100")
References: <[🔎] 20140711220627.24261.14073.reportbug@spruce.wiehl.oeko.net> <20140712112547.GA17955@roeckx.be> <20140712115345.GA10308@spruce.wiehl.oeko.net> <[🔎] 20140712121513.GA18849@roeckx.be> <[🔎] 20140712124645.GB10308@spruce.wiehl.oeko.net> <[🔎] 87vbr1y2va.wl%jeroen@dekkers.ch> <[🔎] 20140714200800.GB12760@spruce.wiehl.oeko.net> <[🔎] 53C43D49.6070105@pyro.eu.org>

Steven Chamberlain <steven@pyro.eu.org> writes:

> So, merely as a result of the licensing, we could have a fascinating
> situation whereby:
> * BSD-licensed software contemplates switching from OpenSSL to LibreSSL
> * GNU-licensed software keeps using OpenSSL with license exception, or
> maybe someday switches to GnuTLS

> So, this reduces the amount of software that could potentially switch
> from OpenSSL from LibreSSL.  And since BSD and GNU software are unable
> to link against each other, it reduces the likelihood that something
> will indirectly link against OpenSSL and LibreSSL at the same time (the
> situation Russ Allbery described).

I'm not sure that I understand your argument.  In fact, this seems like a
rather strong argument *against* using LibreSSL.

Currently, GPL software can link with BSD software without any trouble.
It can't link with OpenSSL software without a license exception, but those
exceptions are relatively common.

In the world in which BSD software is linked with LibreSSL and the license
exceptions have not been changed to allow OpenSSL-derived software, now
(due to the way that Debian applies this rule transitively) GPL software
can't link against BSD-licensed libraries that link with LibreSSL, even
though previously this wouldn't be a problem due to the OpenSSL exception.

This seems like a very bad thing to me.

One can, of course, argue that we're too aggressive about this particular
licensing issue, but that's an argument that we've had multiple times in
the past, and it seems unlikely anyone is going to budge off their current
position.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <toni@debian.org>
- Re: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Steven Chamberlain <steven@pyro.eu.org>

References:
- Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <support@oeko.net>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <toni@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Jeroen Dekkers <jeroen@dekkers.ch>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <toni@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by Date: Re: node-webkit
Previous by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Index(es):
- Date
- Thread