Re: Re: openssl vs. GPL question

To: debian-legal@lists.debian.org
Cc: robby@periapsis.org
Subject: Re: Re: openssl vs. GPL question
From: Regis Boudin <regis@boudin.name>
Date: Sat, 11 Jun 2005 00:49:45 +0100
Message-id: <[🔎] 1118447385.15656.41.camel@localhost.localdomain>
In-reply-to: <[🔎] 625a0e65050604232742104cc2@mail.gmail.com>

Hi everyone,

>On 6/4/05, Dafydd Harries <daf@muse.19inch.net> wrote:
>> I have a package Alexandria, written in Ruby, which will depend on a
>> new library in the next version. This library, ruby-zoom, is an LGPL Ruby
>> binding of libyaz. libyaz links to OpenSSL and is, as far as I can tell,
>> under a 2-clause BSD licence. Everything fine so far.
>> 
>> But it seems to me that it will be impossible for Alexandria, which is
>> under the GPL, to use ruby-zoom legally as, by doing so, it will be
>> linking against OpenSSL, which is under a GPL-incompatible licence. Am I
>> right in thinking so?
>
>It is Debian's historical practice, and the FSF's stance, not to
>permit this kind of dependency (direct or indirect).  I believe
>strongly, and have adduced plenty of case law to demonstrate, that the
>FSF's GPL FAQ is in error on this point.  I would not say, however,
>that my opinion represents a debian-legal consensus.  See recent
>debian-legal threads about Quagga, which is in a similar position.
>
>> My understanding of this issue is based on reading this thread:
>> 
>>         http://lists.debian.org/debian-legal/2002/10/msg00113.html
>> 
>> If there is indeed a licence problem here, I can see two main solutions:
>> 
>>  - Try to get libyaz in Debian to link against GnuTLS instead of
>>    OpenSSL.
>> 
>>  - Get the maintainer of Alexandria to make an exception for linking
>>    against OpenSSL.
>
>The latter is probably a better choice (at least in the short term),
>since the OpenSSL shim for GNU TLS was added to the GPL (not LGPL)
>libgnutls-extra.  (It's possible that it has since been moved into the
>LGPL portion, but I don't think so.)  While I don't believe in the
>FSF's theories about linking causing "GPL violation" (especially in
>the indirect scenario), it's the Debian way to request a clarification
>from upstream.
> 
>> I notice that the Tellico package, which is GPL, already links against
>> libyaz. Is this a licence violation?
>
>No; but there again, it would probably be best to check with upstream
>about whether they would mind adding an explicit "OpenSSL exemption". 
>Wishlist bug?

Sorry to arrive late, I am not on -legal, amd only noticed this thread
during one of my usual checking of what's happening around here. I appear
to be the maintainer of tellico, so I would like to have a good advice on
what to do for this problem.

I have CC'ed Robby Stephenson, who is the upstream author of Tellico, so he can
know and make a decision about it if he thinks he should.

Regards,
Regis

Reply to:

References:
- Re: openssl vs. GPL question
  - From: "Michael K. Edwards" <m.k.edwards@gmail.com>

Prev by Date: Re: Is this license DFSG free?
Next by Date: Re: Creating a Debtags 'license' facet
Previous by thread: Re: openssl vs. GPL question
Next by thread: Re: openssl vs. GPL question
Index(es):
- Date
- Thread