On Thu, Jan 16, 2003 at 05:40:47PM +0100, Simon Josefsson wrote: > Steve Langasek <vorlon@netexpress.net> writes: > > Think of the case of an LGPL library that wants to include SSL > > functionality. If it links against the GPLed GNU TLS layer, it cannot be > > used by GPL-incompatible apps, because the GPL requires the application > > to be distributed under the terms of the GPL; if it links against the > > OpenSSL libs, it cannot be used by GPL apps, which require the same thing > > of the libraries. > There is a third option: Make the library use GNU TLS natively, > without the OpenSSL compatibility layer. GNU TLS core is LGPL. While true, this doesn't address the fundamental complaint that the licensing of the OpenSSL compatibility layer renders it worthless for most applications. The ironic result is that those who write GPL-compatible software are free to use the older APIs that are historically associated with GPL-incompatible code; and those who write GPL-incompatible software, free or not, must choose between using libraries that are wholly GPL-incompatible, or using libraries with a learning curve. And Debian is stuck in the middle. Sure, code can be rewritten to use gnutls natively. But I don't understand why anyone would consider this a useful expenditure of developer resources when the necessary OpenSSL compat glue could simply be made available under the LGPL. -- Steve Langasek postmodern programmer
Attachment:
pgpnBXbQy1Wzn.pgp
Description: PGP signature