[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cadaver licensing issues: openssl and GPL again

On Sat, Oct 12, 2002 at 01:24:35AM +0200, Bernd Eckenfels wrote:
> after I have received a Reject from FTP Masters on the cadaver package,
> because it is GPL and linked against openssl, I opened up the Bug #163583 and
> contacted upstream.

> http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=163583

> Here is the answer from Joe Orton, which basically tells me that he can't
> relicense cadaver.

> He is the same oppinion as I am, openssl should be considered part of the
> operating system, which in that case is fine with the GPL and would solve
> the licensing problem of cadaver (and many other openSSL using packages).

> Considering the fact how many packages use the openssl libs, I dont see a
> problem in defining openssl a OS base package. Especially since it is
> priority "strandard" anyway.

The specific wording of the GPL grants an exception for linking binaries
against GPL-incompatible libraries that are part of the OS, *as long as*
your GPL binary is not shipped together with your libraries.  Debian
does not make this distinction; unless we were to make a new gpl-non-ssl
archive section, everything that we ship in main is part of a single OS
and is shipped together.

So the options are that you could secure a clarification of the GPL's OS
exemption from the FSF, in the form of a new revision of the GPL, that
permits what you're asking; or you can find a way to replace OpenSSL in
the build with a library providing equivalent features, such as gnutls.
It seems to me that the second is slightly more feasible. :)

Since Debian adopted its current hardline position on the GPL+OpenSSL
licensing issue, I've noticed a dramatic decrease in the number of
things OpenSSL can do that cannot also be done with GPL- or
LGPL-compatible libraries, and I've also discovered that there were many
more LGPL crypto routines available than I had previously thought.  One
of my packages was using OpenSSL, but only for DES and MD4; it was a
simple matter of a couple evenings' work to integrate some equivalent
code from libmhash and libmcrypt.  If you need any help finding LGPL
code that meets your needs, let me know.

Also, if the only barrier to relicensing is the presence of third-party
LGPL code, this is not a barrier at all, since the LGPL permits linking 
this code against any other object files you choose.

Steve Langasek
postmodern programmer

> ----- Forwarded message from Joe Orton <joe@manyfish.co.uk> -----
> Envelope-to: ecki@lina.inka.de
> From: Joe Orton <joe@manyfish.co.uk>
> To: Bernd Eckenfels <ecki@lina.inka.de>
> Cc: cadaver@webdav.org, submit@bugs.debian.org
> Subject: Re: [cadaver] Licensing issues
> Mail-Followup-To: Bernd Eckenfels <ecki@lina.inka.de>, cadaver@webdav.org,
> 	submit@bugs.debian.org
> Hi,
> On Sun, Oct 06, 2002 at 11:41:49PM +0200, Bernd Eckenfels wrote:
> ...
> > Well, anyway. All I would ask you for is, to allow explecitely in your
> > README File, that you allow linking with OpenSSL, since libcrypto is not
> > considered to be essential part of the operating system (for some strange
> > reasons I do not understand :)
> I've seen references to this before but I don't completely understand it
> either: can you find a statement of why? It seems quite reasonable to me
> to state that OpenSSL is "part of the operating system".  If you *don't*
> consider that OpenSSL is part of your operating system, then I guess you
> are obliged not to redistribute cadaver binaries which are linked
> against OpenSSL.
> cadaver includes LGPL code under FSF copyright at libneon/ne_md5.c; code
> which I cannot relicense, so this is not simply a case of adding an
> explicit disclaimer to the GPL as used in cadaver, I'm afraid.
> Regards,
> joe
> ----- End forwarded message -----
> -- 
>   (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
>  ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
>   o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
> (O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
> -- 
> To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Attachment: pgpE_PUWWfjyt.pgp
Description: PGP signature

Reply to: