On Wed, Nov 14, 2001 at 09:21:04AM -0500, Sam Hartman wrote: > [please respect mail-followup-to and keep debian-kerberos copied] > Hi. We're working on some consensus guidelines among the Kerberos > maintainers to help packagers who want to add Kerberos support to > their packages. A legal question has come up. > The Heimdal implementation links against libssl in order to get its > crypto. How does this effect GPLed applications? Note that the > applications do not normally call any routines from libssl; they only > call Heimdal routines indirectly. > Another thing that may make this different than the standard libssl > linking question is that there are multiple implementations of > Kerberos. The APIs are not the same so some applications only work > with Heimdal, but other applications work both with Heimdal and the > MIT implementation. Is the existence of another implementation enough > to allow us to ignore the libssl dependency and link against Heimdal? Would that MIT Kerberos and Heimdal were ABI-compatible; then there would be no question that it was legal to link GPL software against Heimdal, because it would be indistinguishable from linking against MIT Kerberos, which is permitted. Currently, however, it's my impression that indirect linking against libssl is as prohibited as direct linking against libssl. The net result is the same, namely that the GPL binary has a dependency on libraries that have an incompatible license. This 'indirect linking' is equivalent to someone writing a proprietary library, providing a GPL wrapper that includes the only entry points that people will link against, and claiming the whole unit is GPL-compatible. Steve Langasek postmodern programmer
Attachment:
pgp94re2Yq2RV.pgp
Description: PGP signature