Re: GPL-licensed packages with depend-chain to OpenSSL

On Sep 9, 2004, at 23:36, Glenn Maynard wrote:

First off, I made up this example quickly to try and illustrate that
looking at the end result is not enough; that we need to examine the
steps that got us there.

Hopefully, -legal will consider and respond to the other point made in
my previous post as well.

As an example, I think distributing a package which downloaded FOO
source code and compiles it --- on the user's machine --- with OpenSSL
might be fine, as we'd be distributing under GPL 2 (or even GPL 1),
GPL 2 doesn't require source to all modules contained in the program
(only to the program and works based on it, which OpenSSL clearly

The GPL requires that all derived works be entirely available under the
terms of the GPL.

Yes, but OpenSSL wouldn't be a derived work of the GPL program (it
can't be, because it was created before the GPL program).

One piece of the resulting binary--OpenSSL--is not.
This seems to clearly violate the spirit of the GPL.

It might, but the GPL does have the normal components of an OS
exception, for example. And only GPL (3), not (1) or (2) mentions all
components of the resulting binary.

I have no idea how this
would fare in court,

It seems quite allowed by the plain language of the GPL.

Also, if we were to put a binary in a special section on separate
servers, that'd be allowed under the normal components exception to

but I hope we agree that this would not be an
acceptable thing for Debian to do. (I don't know if by "fine" you mean
"legally fine" or "actually fine".)

I agree it is not something Debian should be doing. For one thing, we
should (when at all reasonable) respect upstream's wishes; for another,
not being able to distribute binaries violates the DFSG. It's also
probably more risky because even if the GPL allows it, a lot of people
probably don't realize it.