[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Providing an openssl-linked pycurl

Hi debian-legal,

Some people, who submitted or commented on bug #515200 would like to have a
version of pycurl linked with OpenSSL, mostly because of features provided.

Before going ahead with that, the maintainer asked to have some opinion from
-legal, so with this post I'm trying to solicit comments.

According to my understandment:

- OpenSSL is released under a license which is GPL incompatible, unless an
  exception to the GPL is used in the software compiled with it. Debian cannot
  distribute GPL software released under the unmodified GPL and linked against
- pycurl is released under the LGPL (2.1 or later) or a MIT/X derivative
  license based on the one of curl itself. Neither of these licenses is
  incompatible with OpenSSL, and as for curl itself we should be able to
  provide a version of pycurl which uses openssl.

Am I correct up to here?

Now, what would be the status of (unmodified) GPL python software which imports
pycurl? Is this considered the same as linking, and would it have to make sure
it uses the GNUTLS version, by depending on it?

This might open discussions about how to provide the feature tecnically (different module
names in python, conflicting packages, etc) and make sure legality is kept, but
in the meantime we'd just like a legal opinion on what would or would not be
ok. (also considering it's OK for a user to use GPL+OpenSSL software if he
wants, it's just not OK for us to distribute it).

Thanks a lot for your help and attention,


Reply to: