On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> I decided to take a look at what Reverse Depends on OpenSSL:
> sfllaw@SAL9000:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep '^  ' | wc -l
>     165
> 	These 165 packages include such GPLed software as: nessus,
> snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl,
> etc...  I'm very disturbed by this discovery, as we would be doing
> something illegal by distributing these packages in the upcoming
> release.  What should we do?

Out of curiosity, do you have non-us in your sources.list?  It would be
interesting to find out how much of that software is really in main.

One "solution" to the problem, assuming that most of the violations are
in non-us, would be to not generate ISOs with non-us on them.  This is
practical now that crypto-in-main is done.  At least in theory, then,
OpenSSL (which is in main) would be "normally distributed" with Debian,
and these components would not "accompan[y] the executable".  I don't
like it much, but it would at least have a veneer of respectability.

As for GPLed stuff in main linked against OpenSSL: I don't know.  It
really should be pulled.  OTOH, we're already nearly a month behind on
releasing woody, and pulling some of that stuff would be a bit harsh.

I'd also be careful, though, and check your licenses.  At least one that
you mention (postgresql) is BSD.

