[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: openssl vs. GPL question

Hi everyone,

>On 6/4/05, Dafydd Harries <daf@muse.19inch.net> wrote:
>> I have a package Alexandria, written in Ruby, which will depend on a
>> new library in the next version. This library, ruby-zoom, is an LGPL Ruby
>> binding of libyaz. libyaz links to OpenSSL and is, as far as I can tell,
>> under a 2-clause BSD licence. Everything fine so far.
>> But it seems to me that it will be impossible for Alexandria, which is
>> under the GPL, to use ruby-zoom legally as, by doing so, it will be
>> linking against OpenSSL, which is under a GPL-incompatible licence. Am I
>> right in thinking so?
>It is Debian's historical practice, and the FSF's stance, not to
>permit this kind of dependency (direct or indirect).  I believe
>strongly, and have adduced plenty of case law to demonstrate, that the
>FSF's GPL FAQ is in error on this point.  I would not say, however,
>that my opinion represents a debian-legal consensus.  See recent
>debian-legal threads about Quagga, which is in a similar position.
>> My understanding of this issue is based on reading this thread:
>>         http://lists.debian.org/debian-legal/2002/10/msg00113.html
>> If there is indeed a licence problem here, I can see two main solutions:
>>  - Try to get libyaz in Debian to link against GnuTLS instead of
>>    OpenSSL.
>>  - Get the maintainer of Alexandria to make an exception for linking
>>    against OpenSSL.
>The latter is probably a better choice (at least in the short term),
>since the OpenSSL shim for GNU TLS was added to the GPL (not LGPL)
>libgnutls-extra.  (It's possible that it has since been moved into the
>LGPL portion, but I don't think so.)  While I don't believe in the
>FSF's theories about linking causing "GPL violation" (especially in
>the indirect scenario), it's the Debian way to request a clarification
>from upstream.
>> I notice that the Tellico package, which is GPL, already links against
>> libyaz. Is this a licence violation?
>No; but there again, it would probably be best to check with upstream
>about whether they would mind adding an explicit "OpenSSL exemption". 
>Wishlist bug?

Sorry to arrive late, I am not on -legal, amd only noticed this thread
during one of my usual checking of what's happening around here. I appear
to be the maintainer of tellico, so I would like to have a good advice on
what to do for this problem.

I have CC'ed Robby Stephenson, who is the upstream author of Tellico, so he can
know and make a decision about it if he thinks he should.


Reply to: