Re: GPL-licensed packages with depend-chain to OpenSSL

To: debian-legal@lists.debian.org
Subject: Re: GPL-licensed packages with depend-chain to OpenSSL
From: Glenn Maynard <glenn@zewt.org>
Date: Thu, 9 Sep 2004 23:36:26 -0400
Message-id: <[🔎] 20040910033626.GO21120@zewt.org>
Mail-followup-to: debian-legal@lists.debian.org
In-reply-to: <[🔎] 20040910025538.GC11468@bohr.local>
References: <20040819083847.GD10426@mauritius.dodds.net> <yw1xbrh7h4ug.fsf@mru.ath.cx> <20040819183729.GA11054@mauritius.dodds.net> <20040819221257.GB2727@suffields.me.uk> <874qmy3b78.fsf@deneb.enyo.de> <[🔎] D05D2B9A-FD3C-11D8-8F3A-00039317863E@suespammers.org> <[🔎] 87eklimep4.fsf@deneb.enyo.de> <[🔎] 1084640D-002F-11D9-8F3A-00039317863E@suespammers.org> <[🔎] 87oekj6y55.fsf@aule.evenmere.org> <[🔎] 20040910025538.GC11468@bohr.local>

On Thu, Sep 09, 2004 at 10:55:38PM -0400, Anthony DeRobertis wrote:
> (b) The method is what must be analyzed, not the end result. As a
>     trivial example, take the end result of having Microsoft Windows
> 	installed on a PC. A legal contraption to do that would be to go to
> 	your local computer store and buy a copy. An illegal contraption to
> 	do that would be Kazaa.
> 
> As an example, I think distributing a package which downloaded FOO
> source code and compiles it --- on the user's machine --- with OpenSSL
> might be fine, as we'd be distributing under GPL 2 (or even GPL 1), and
> GPL 2 doesn't require source to all modules contained in the program
> (only to the program and works based on it, which OpenSSL clearly
> isn't).

The GPL requires that all derived works be entirely available under the
terms of the GPL.  One piece of the resulting binary--OpenSSL--is not.
This seems to clearly violate the spirit of the GPL.

I don't know if the actual mechanism here is infringing.  This is really
just a case of the "distribute only source code, avoiding disributing
binaries, to circumvent some of the GPL's requirements" "loophole", which
we've discussed here several times, I think.  I have no idea how this
would fare in court, but I hope we agree that this would not be an
acceptable thing for Debian to do.  (I don't know if by "fine" you mean
"legally fine" or "actually fine".)

-- 
Glenn Maynard

Reply to:

Follow-Ups:
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Anthony DeRobertis <asd@suespammers.org>

References:
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Brian Thomas Sniffen <bts@alum.mit.edu>
- Re: GPL-licensed packages with depend-chain to OpenSSL
  - From: Anthony DeRobertis <anthony@derobert.net>

Prev by Date: Re: GPL-licensed packages with depend-chain to OpenSSL
Next by Date: Re: GPL-licensed packages with depend-chain to OpenSSL
Previous by thread: Re: GPL-licensed packages with depend-chain to OpenSSL
Next by thread: Re: GPL-licensed packages with depend-chain to OpenSSL
Index(es):
- Date
- Thread