Re: GPLed software and OpenSSL
Steve Langasek <firstname.lastname@example.org>:
> > > One "solution" to the problem, assuming that most of the violations are
> > > in non-us, would be to not generate ISOs with non-us on them. This is
> > > practical now that crypto-in-main is done. At least in theory, then,
> > > OpenSSL (which is in main) would be "normally distributed" with Debian,
> > > and these components would not "accompan[y] the executable". I don't
> > > like it much, but it would at least have a veneer of respectability.
> > Well, if the stuff is available off Debian servers, then we are
> > basically distributing them. As well, libssl0.9.6 isn't automatically
> > installed with the system. It sort of seems like you're using a
> > quirk in the wording as opposed to real technical differences.
> In the legal world, wording makes all the difference. The GPL
> specifically talks about code that's distributed *with* the GPLed
> binary, not about code distributed *by the same people as* the GPLed
> binary, and we have no reason to believe that this distinction was
> unintentional. Many vendors of proprietary Unices (e.g., Sun) seem to
> already be counting on the fact that it is not.
This seems very dodgy. Firstly, you're claiming that main does not
accompany non-us, which is very hard to justify as it's all on the
same servers and non-us doesn't make much sense without main.
Secondly, it doesn't really conform with the DFSG as you are forcing
everyone else to maintain this fictional division between main and
non-us. On the other hand, if you would move the violating packages
into contrib, perhaps it would make more sense.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org