Re: Bug#522311: qbittorrent: Linked with OpenSSL, seems to be a GPL violation
On Sat, Apr 4, 2009 at 05:06, Cristian Greco <firstname.lastname@example.org> wrote:
> [ CCing debian-legal for comments ]
> On Fri, Apr 03, 2009 at 10:37:49PM +0300, Adrian Bunk wrote:
>> On Fri, Apr 03, 2009 at 01:35:30AM +0200, Cristian Greco wrote:
>> > On Thu, Apr 02, 2009 at 08:27:19PM +0300, Adrian Bunk wrote:
>> > > $ ldd /usr/bin/qbittorrent | grep ssl
>> > > libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007fd73085a000)
>> > > $
>> > >
>> > >
>> > > /usr/share/doc/qbittorrent/copyright states that much of the code
>> > > is GPL-licenced.
>> > >
>> > > I didn't find any statement that all copyright holders of GPL'ed code
>> > > in tracker have given extra permission to link with OpenSSL.
>> > >
>> > >
>> > > See also question 28 at
>> > > http://people.debian.org/~bap/dfsg-faq
>> > Hi Adrian,
>> > first of all thanks for your report.
>> > qbittorrent does not use directly the OpenSSL library, as you can see looking
>> > at the source code and the symbols table of the (unstripped) executable file.
>> > It is linked against two libraries using libssl (libtorrent-rasterbar and
>> > libcurl), and there are some symbols from boost::asio related to 'ssl'.
>> > And by the way, even if the majority of the C++ code in qbittorrent is released
>> > under the GPL, the debian/copyright file includes a mix of files with different
>> > licenses (LGPL, BSD, MIT), so that lintian does not complain about linking
>> > against libssl.
>> > Any suggestion?
>> The libcurl case might be easy to resolve, but I don't know anything
>> about the libtorrent-rasterbar.
>> It might be required that you get all copyright holders to agree on a
>> licence exception.
> The point is that qbittorrent doesn't directly link against libssl and the
> source code doesn't really use that library. Is it really necessary to add the
> I'm not sure if the executable linking is caused by libtorrent-rasterbar (BSD
> code linked against libssl) or some other required libraries/headers. In the
> former case, if linking is caused by the torrent library, all of its clients
> should add such exception.
> My thought is that qbittorrent shouldn't be affected by this problem because it
> doesn't really link against libssl. And BTW, the source code includes licenses
> such as LGPL, BSD and MIT, so it shouldn't need the exception anyway.
I think it need an exception.
GPL licensed code and OpenSSL licensed code should not run in the same process.