Re: GPLed software and OpenSSL

To: debian-legal@lists.debian.org
Subject: Re: GPLed software and OpenSSL
From: Simon Law <sfllaw@engmail.uwaterloo.ca>
Date: Wed, 29 May 2002 13:17:42 -0400 (EDT)
Message-id: <[🔎] Pine.GSO.4.05.10205291311160.18318-100000@engmail.uwaterloo.ca>
In-reply-to: <[🔎] 1022687890.973.18.camel@laptop2.internal.licquia.org>

On 29 May 2002, Jeff Licquia wrote:

> On Wed, 2002-05-29 at 08:11, Simon Law wrote:
> > I decided to take a look at what Reverse Depends on OpenSSL:
> > 
> > sfllaw@SAL9000:~/src/snort-1.8.6$ apt-cache showpkg libssl0.9.6 | grep
> > '^  ' | wc -l
> >     165
> > 
> > 	These 165 packages include such GPLed software as: nessus,
> > snort, wget-ssl, proftpd, kdelibs3-crypto, postgresql, gnustep-ssl,
> > etc...  I'm very disturbed by this discovery, as we would be doing
> > something illegal by distributing these packages in the upcoming
> > release.  What should we do?
> 
> Out of curiosity, do you have non-us in your sources.list?  It would be
> interesting to find out how much of that software is really in main.

	Yes, I do have non-us in my list.  Removing it narrow our group
down to 16, none of which seem to be in violation.

> One "solution" to the problem, assuming that most of the violations are
> in non-us, would be to not generate ISOs with non-us on them.  This is
> practical now that crypto-in-main is done.  At least in theory, then,
> OpenSSL (which is in main) would be "normally distributed" with Debian,
> and these components would not "accompan[y] the executable".  I don't
> like it much, but it would at least have a veneer of respectability.

	Well, if the stuff is available off Debian servers, then we are
basically distributing them.  As well, libssl0.9.6 isn't automatically
installed with the system.  It sort of seems like you're using a
quirk in the wording as opposed to real technical differences.

> As for GPLed stuff in main linked against OpenSSL: I don't know.  It
> really should be pulled.  OTOH, we're already nearly a month behind on
> releasing woody, and pulling some of that stuff would be a bit harsh.

	It would be.  I wish that I had caught this stuff sooner.

> I'd also be careful, though, and check your licenses.  At least one that
> you mention (postgresql) is BSD.

	You are correct.  It's license is XFree86-style, and not GPL.

Simon


-- 
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: GPLed software and OpenSSL
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: GPLed software and OpenSSL
  - From: Jeff Licquia <licquia@debian.org>
- Re: GPLed software and OpenSSL
  - From: Anthony Towns <aj@azure.humbug.org.au>

References:
- Re: GPLed software and OpenSSL
  - From: Jeff Licquia <licquia@debian.org>

Prev by Date: Re: GPLed software and OpenSSL
Next by Date: Re: GPLed software and OpenSSL
Previous by thread: Re: GPLed software and OpenSSL
Next by thread: Re: GPLed software and OpenSSL
Index(es):
- Date
- Thread