[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#147668: base-files: please include the OpenSSL license

On Tue, 2002-05-21 at 18:34, Glenn McGrath wrote:
> On 21 May 2002 15:14:18 -0500
> "Jeff Licquia" <licquia@debian.org> wrote:
> > On Tue, 2002-05-21 at 14:44, Stefan Hornburg (Racke) wrote:
> > > Tomas Pospisek <tpo_deb@sourcepole.ch> writes:
> > > 
> > > 
> > > [...]
> > > 
> > > > But since linking against OpenSSL is now officially blessed and
> > > > packages depending on openssl officially included in main, it'd be
> > > > nice to have the license shipped with base (again it's at rank #24
> > > > of most depended on packages, just behind kdelibs).
> > > 
> > > Hm, that's new for me. Is linking GPL'ed software against
> > > OpenSSL now OK ? Please give me a pointer if this is true.
> > 
> > Nope.
> Did we actually arive at a conclusion ?
> I was recently considering packaging GNUnet, however it links to openssl,
> is the official position that GPL'ed binaries that link to openssl should
> be in non-US or contrib, or are we still in limbo ?

I am repeating the "party line" as it has been explained to me.  See the
recent threads in debian-legal concerning CUPS for examples.

It's my understanding that there are two problems with the OpenSSL

 - The advertising clause

 - The "cannot relicense under any other license, including the GPL"
clause, which appears to forbid binary linking under the GPL section 2
(through the terms of section 3).

Specifically, I was responding to the assertion that crypto-in-main
makes OpenSSL OK for *GPLed* programs.  Unless something has changed on
the licensing front (the GPL has changed, or the OpenSSL license has
changed), this is not true.  Crypto-in-main only changes our policy
concerning linking otherwise-license-compatible things with OpenSSL,
such as LGPLed stuff, GPL-plus-OpenSSL-exception stuff, MIT/X stuff, new
BSD stuff, and so on.

> Some people say linking to openssl if fine, and that RMS himself is ok
> with it, i find it hard to believe myself.
> http://mail.gnu.org/pipermail/gnunet-developers/2002-May/000100.html

I refuse to comment on such things, for fear of another license flamewar
on debian-devel.  Perhaps debian-legal would like to examine the issue
and comment.

(That's a hint.  I'll make myself more clear: if you want to talk about
this message from the gnunet people, go to debian-legal.)

> Is giving libssl a priority of standard enough to consider it normally
> part of the base OS, or should it be required ? (to qualify for the escape
> clause in the GPL)

The problematic clause in the GPL is "unless that component itself
accompanies the executable." (section 3)  If "Debian" is defined as
"main", then OpenSSL "accompanies" anything else in main.

To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: