[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#522311: qbittorrent: Linked with OpenSSL, seems to be a GPL violation



Hi.

On Sat, Apr 04, 2009 at 01:06:49PM +0300, Adrian Bunk wrote:
> On Sat, Apr 04, 2009 at 11:43:53AM +0200, Cristian Greco wrote:
> > 2) Why doesn't lintian complain about the exception if the source code contains
> > GPL + another different license (this is the case with qbittorrent)?
> 
> First of all, please try to understand the differences between the 
> following completely different cases:
> - program with different licences, that effectively mean the whole 
>   program is licenced under one specific licence (e.g. combining BSD and 
>   GPL licenced code results in the program being GPL licenced)
> - package contains different programs under different licences
> - dual-licenced code
> 
> Why lintian doesn't find these cases:
> - Catching some of the simpler cases is not too hard.
>   Handling all details of existing open source licencing would be
>   very hard.
> - As far as I understand the code in lintian, it only parses the 
>   dependency information of the package. That would have worked
>   for indirect dependencies 10 years ago when dependencies were created 
>   using ldd, but indirect dependencies cannot be found this way today.
> 
> But lintian is anyway just a tool to find some errors, it can never be 
> used to prove that a package is correct.


On Sat, Apr 04, 2009 at 10:09:01PM +1100, Ben Finney wrote:
> Cristian Greco <cristian.debian@gmail.com> writes:
> 
> > 2) Why doesn't lintian complain about the exception if the source
> > code contains GPL + another different license (this is the case with
> > qbittorrent)?
> 
> Until we have an agreed machine-parseable ‘debian/copyright’ format,
> and until that file is correctly populated with the actual copyright
> information, Lintian will be unable to reliably detect such problems
> mechanically.

I see your point here, and I already know that lintian is just a support tool.

Agreed on that, but this was a secondary remark, I'm still concerned about my
first question:


On Sat, Apr 04, 2009 at 05:47:15PM +0800, LI Daobing wrote:
> On Sat, Apr 4, 2009 at 17:43, Cristian Greco <cristian.debian@gmail.com> wrote:
> > 1) What to do in this case? Should all clients based on libtorrent-rasterbar
> > and licensed under the GPL add an exception even if they don't directly use the
> > OpenSSL library?
> >
> libtorrent-rasterbar should provide two packages, one is
> libtorrent-rasterbar-openssl (with openssl enabled), another is
> libtorrent-rasterbar (with openssl disabled), just like libcurl3 and
> libcurl3-gnutls.

This is not what I was looking for (and this solution wouldn't be useful, as
all existing clients actually require encryption to be enabled). My question is
if it is really needed for all clients licensed under the GPL to add an
exception even if they don't directly use the OpenSSL library.
This could be a problem, eventually.

Thanks,
--
Cristian Greco
GPG key ID: 0x0C095825 

Attachment: signature.asc
Description: Digital signature


Reply to: