[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do Debian now simply ignore OpenSSL incomatibilities with GPL?



Hi Sean, and others,

Quoting Sean Whitton (2020-10-20 23:04:22)
> Hello,
> 
> On Tue 20 Oct 2020 at 06:43pm +02, Jonas Smedegaard wrote:
> 
> > It would certainly be good to have an official clarification.
> 
> I applied a patch to the REJECT-FAQ about it yesterday (thanks to
> Michael for the patch).  Is that adequate?
> 
> https://salsa.debian.org/ftp-team/website/-/commit/c804b2d2d0ff28ce50bbeaecaec6db05a58949b8

tl;dr: I think Debian should _state_ current practice (not just omit 
stating obsolete practice), and state it towards our users (not only 
ourselves).

It sure helps to have official website of the ftp-team reflect current 
practice of the the ftp-team, by removing obsolete practice. Thanks for 
spotting and correcting that.

What I think is important is something else, however.

It is still¹ unclear to me *which* og the involved general public 
license(s) Debian now interpret differently - GPL-1 and/or GPL-2 and/or 
GPL-3 and/or SSLeay and/or OpenSSL? - and how exactly.

If (as one notable speculative example) Debian now generally considers 
OpenSSL code as integral part of the core system for the interpretation 
of legal texts, then I think the ideal would be to add a note to 
https://www.debian.org/legal/licenses/ documenting that interpretation.

Why so prominently? Because it affects our users legally that we choose 
a different interpretation than the one equally prominently given by the 
author and major active user of at least one of the involved licenses: 
https://www.gnu.org/licenses/license-list.en.html#OpenSSL

Your proposed edit corrects _conflicting_ information from same team, 
but does not really _clarify_ current practice, and that same page 
states it "is a purely informational list, there may be more reasons."

On a related note, our (arguably more official) main website points to 
an (arguably less official) page explicitly saying about linking GPL and 
OpenSSL licensed code that "a note accompanying the license giving some 
extra permission must be present": 
https://people.debian.org/~bap/dfsg-faq linked from 
https://www.debian.org/legal/licenses/


Kind regards,

 - Jonas


¹ I appreciate the input from Paul Wise and Andrey Rahmatullin, but 
those seem more like personal interpretations than conclusive official 
Debian statements.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature


Reply to: