[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Bug#147430: hpoj: Linking against OpenSSL licensing modificat ion (GPL)

Simon Law wrote:
> 	Please use the official GNU sanctioned statement.  It highlights
> that you shouldn't modify the GPL, and it also provides good
> boilerplate; so you don't have to make up your own.
> 	http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs
Thanks to everyone for the information.  I will probably need to consult
with our attorney and several others to make sure that whatever I use (even
if it's the FSF template) properly addresses my concerns and doesn't create
any undesired loopholes.  In the meantime, informally I don't object if you
continue to link with libcrypto to satisfy libsnmp's dependency on
libcrypto, but if that's not sufficient then you can always temporarily
disable hpoj's SNMP support until I can supply an appropriate formal license
exception statement.  (I don't suppose there's a way to link with libsnmp
but not libcrypto?)

Jeff Licquia wrote:
>  - the clause in the OpenSSL license which reads:
> "The licence and distribution terms for any publically 
> available version
> or derivative of this code cannot be changed.  i.e. this code cannot
> simply be copied and put under another distribution licence [including
> the GNU Public Licence.]"
> This clause appears to forbid binary linking under the GPL 
> section 2 (as
> invoked by section 3).
> We do consider Debian to be bound by this; specifically, 
> OpenSSL is now
> out of non-us/main and in main, so it most definitely 
> "normally includes OpenSSL".
But if Debian "most definitely 'normally includes OpenSSL'", then doesn't
that make this issue irrelevant?  Or do OpenSSL's advertising and anti-GPL
clauses override the normal-inclusion condition?

Mark Horn wrote:
> Correct me if I'm wrong, but the GPL says that no one can *release*
> a copy of hpoj linked to OpenSSL.  They can certainly use hpoj linked
> to OpenSSL.  Of course, that doesn't help you as the guy who is trying
> to package up hpoj for debian.  But if I want to link hpoj to OpenSSL,
> there's nothing in my reading of the GPL that prevents me.  I simply
> can't release any such code to anyone else.
You are correct.  The GPL doesn't restrict your own use of software; it
merely sets the conditions for copying (distributing) software (with or
without modifications), which by default isn't allowed under copyright law.
The question of whether linking with OpenSSL requires special permission
from me only comes into play if you distribute binaries rather than have the
recipient compile the source code for him/herself and generate the
questioned linkage.


To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: