Re: openssl and GPL
On Sun, 2002-04-21 at 19:44, Brian May wrote:
> However, I am a bit puzzled; does that mean:
> - It is OK to distribute these programs if they are seperate from
> - It is OK to distribute a close source package that uses GPL packages
> from Debian?
No to both, but see below.
> My feeling is that these limitations aren't on the source code, but
> the binary code. If it was only the source code, then the binary code
> wouldn't matter.
> So you can link X (GPL) against Y (BSD), but if the binary of Y is
> changed (maybe without prior notice) to link against, say openssl, then
> suddenly the original linkage breaks the GPL. Even though the original
> program (X) has not changed, and has not even been recompiled.
Linking is never a problem. You can link X (GPL) against Y (Microsoft
EULA) if you like (and the MS EULA allows it). The problems arise when
distributing the result.
If we're distributing Debian with X (GPL) linked with Y (new BSD) linked
with OpenSSL, then we're not in compliance with X's license, since you
cannot use X without the presence of GPL-incompatible code. It doesn't
matter when any of that was linked.
If someone is distributing just X separately from Debian and relying on
Debian to provide Y, and Y on Debian happens to link with OpenSSL (but
can be built without it), then it would seem that everyone is OK, both
Debian and the third party - at least, until someone gets the bright
idea of distributing the pieces together.
> Come to think of it, can the GPL really say "It is Ok to distribute
> package X, but not if the version of Y supplied is linked into openssl"?
Sure it can. Why not?
> What if several compiled versions of Y have been made available, and
> only one of these uses openssl? (lets assume that these different
> versions can be used without recompiling, and that somehow the Depends
> field allows this).
I would expect that this would be OK as long as the "default" Y doesn't
link with OpenSSL. I'm not totally sure of that, though.
> The way I see Debians intepretation of the GPL is that it is based on
> the perspective of the end-user.
I'm not sure this is true. As I see it, we interpret the GPL by asking
what people distributing Debian are allowed to do. (Including us, of
Since the GPL is a distribution license, not a use license, questions
about the end user aren't really relevant. End users are explicitly
allowed to do whatever they want under the GPL.
> What would happen if a "Priority: required" package required OpenSSL?
> Wouldn't this defeat the point of the restrictions set by the GPL? Since
> any users would have to install openssl anyway?
Mere aggregation is explicitly allowed in the GPL. As long as the
required package has a compatible license to OpenSSL, there's no
The GPL doesn't apply to Debian as a whole. Debian's goals are
described in the DFSG, and since OpenSSL is DFSG-compliant, requiring
OpenSSL doesn't conflict with our goals (at least in that respect).
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com