[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Providing an openssl-linked pycurl

Yavor Doganov wrote:
> Wed, 30 Jun 2010 21:35:45 +0100, MJ Ray
> > I think the suggestion is that software using python-pycurl would not
> > change if they were using openssl or gnutls.  I don't understand how the
> > GPL'd software is derived from openssl if it works interchangably with
> > gnutls on the other side of pycurl.  Can you explain?
> I see no difference between this scenario and a classic C program that 
> supports both OpenSSL and GnuTLS via #ifdef's and `configure' options.  

In the C-ifdef scenario, the GPL program is derived from both OpenSSL
and GnuTLS.  That is, its programmer obviously knows about OpenSSL's

In the pycurl scenario, the GPL program is derived from pycurl.  The
difference is that the GPL-using programmer need not know about
OpenSSL's functions, so I don't see how it can be said to be derived
from it.  It would even be written the same in a world without
OpenSSL, as long as pycurl is the same whether it's a version derived
from OpenSSL or a version derived from GNUTLS.

Can you explain why the GPL program using pycurl is derived from
OpenSSL, please?

> Or a C program linking against an LGPL'ed library which links against 
> libssl.  If the library is modified to use GnuTLS instead, the program 
> would still continue to work with that variant of the library 
> interchangably (provided it is API/ABI compatible, of course).  If the 
> program is using the gnutls-linked variant of the library, it needs no 
> exception.  If it is using the openssl-linked variant, it does because of 
> the indirect linking with libssl.

So, as long as debian usually installs the gnutls-linked variant, no
problem, right?

It's up to the user if they want to modify their system to install
the variant that may cause distribution/licensing problems.  Merely
having it available doesn't seem like a problem to me.

I repeat that I feel the best solution is to bugfix GNUTLS, broken
software or broken servers, before they break the OpenSSL variant too.
Rebuilding pycurl seems like a dirty/uncertain workaround.

My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct

Reply to: