[ CCing debian-legal for comments ] On Fri, Apr 03, 2009 at 10:37:49PM +0300, Adrian Bunk wrote: > On Fri, Apr 03, 2009 at 01:35:30AM +0200, Cristian Greco wrote: > > On Thu, Apr 02, 2009 at 08:27:19PM +0300, Adrian Bunk wrote: > > > > > $ ldd /usr/bin/qbittorrent | grep ssl > > > libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007fd73085a000) > > > $ > > > > > > > > > /usr/share/doc/qbittorrent/copyright states that much of the code > > > is GPL-licenced. > > > > > > I didn't find any statement that all copyright holders of GPL'ed code > > > in tracker have given extra permission to link with OpenSSL. > > > > > > > > > See also question 28 at > > > http://people.debian.org/~bap/dfsg-faq > > > > Hi Adrian, > > > > first of all thanks for your report. > > > > qbittorrent does not use directly the OpenSSL library, as you can see looking > > at the source code and the symbols table of the (unstripped) executable file. > > It is linked against two libraries using libssl (libtorrent-rasterbar and > > libcurl), and there are some symbols from boost::asio related to 'ssl'. > > > > And by the way, even if the majority of the C++ code in qbittorrent is released > > under the GPL, the debian/copyright file includes a mix of files with different > > licenses (LGPL, BSD, MIT), so that lintian does not complain about linking > > against libssl. > > > > Any suggestion? > > The libcurl case might be easy to resolve, but I don't know anything > about the libtorrent-rasterbar. > > It might be required that you get all copyright holders to agree on a > licence exception. The point is that qbittorrent doesn't directly link against libssl and the source code doesn't really use that library. Is it really necessary to add the exception? I'm not sure if the executable linking is caused by libtorrent-rasterbar (BSD code linked against libssl) or some other required libraries/headers. In the former case, if linking is caused by the torrent library, all of its clients should add such exception. My thought is that qbittorrent shouldn't be affected by this problem because it doesn't really link against libssl. And BTW, the source code includes licenses such as LGPL, BSD and MIT, so it shouldn't need the exception anyway. Thanks, -- Cristian Greco GPG key ID: 0x0C095825
Attachment:
signature.asc
Description: Digital signature