Re: Plugins for non-free software in orig.tar.gz

To: Rudolf Polzer <divVerent@alientrap.org>, debian-legal@lists.debian.org
Subject: Re: Plugins for non-free software in orig.tar.gz
From: Wols Lists <antlists@youngman.org.uk>
Date: Wed, 14 Jul 2010 13:13:57 +0100
Message-id: <[🔎] 4C3DAA05.60707@youngman.org.uk>
In-reply-to: <20100713135431.GA2651@div0.qc.to>
References: <201006300008.01186.manuel.montezelo@gmail.com> <[🔎] 20100703104930.2210c715.frx@firenze.linux.it> <[🔎] 20100704123459.9fdb37e5.frx@firenze.linux.it> <[🔎] 201007061944.34391.manuel.montezelo@gmail.com> <[🔎] 20100712231559.1c42bc6a.frx@firenze.linux.it> <[🔎] 20100713053850.GA8898@div0.qc.to> <4C3C2542.9070501@youngman.org.uk> <20100713135431.GA2651@div0.qc.to>

On 13/07/10 14:54, Rudolf Polzer wrote:
> On Tue, Jul 13, 2010 at 09:35:14AM +0100, Wols Lists wrote:
>   
>> On 13/07/10 06:38, Rudolf Polzer wrote:
>>     
>>> I have another such case where I would be upstream. I currently have a library
>>> that I am the only copyright holder of, that is currently under the LGPL and
>>> uses libgmp for big number arithmetics.
>>>
>>> However, if anyone wants to use the library commercially, he'd sure prefer a
>>> version of it that uses OpenSSL instead, as that gets rid of the requirement to
>>> have infrastructure to distribute the source code of the libraries in use,
>>> while personally I prefer the libgmp variant as it is about 10% faster in my
>>> use cases.
>>>
>>> The library uses libgmp, as the main intended use for my purposes is use as
>>> part of a program under the GPL.
>>>
>>> Now assume I do this:
>>>
>>> library.c - main code
>>> bignum-gmp.c - libgmp bignum wrapper
>>> bignum-openssl.c - openssl bignum wrapper
>>>
>>> and I change the license of library.c to a BSD-style license. Also, the library
>>> would by default compile against libgmp, and would have to explicitly told so
>>> in configure to use bignum-openssl.c instead.
>>>   
>>>       
>> Why change? Actually, I'd change and say the library is "LGPL with the
>> SSL exception".
>>     
> That would be incompatible to the regular GPL and make the library virtually
> unusable.
>   

Huh???!!!

"LGPL with exceptions" is compatible with LGPL (mixing it with LGPL
merely strips the exceptions). For an excellent example of this, look at
the GPL v3. The LGPL v3 is, quite literally, the GPL with exceptions.
You're simply adding yet another exception. (I think the GPL requires
all exceptions to be grants of extra *permissions*, so ANY GPL based
licence with exceptions MUST be compatible with the base licence because
all that happens is the exceptions disappear.)

Based on your logic, the LGPL would be incompatible with the GPL, and
also "virtually unusable".
>   
>> You're distributing source. You're in compliance with the GPL. What the
>> end user can/cannot do once they've compiled and linked is their problem
>> not yours.
>>     
> So it is fine if the source archive contains parts that are not GPL compatible,
> as long as these parts did not go into the binaries? For example, what if he
> README file is non-free? Or, the LICENSE file (the GPL's license text actually
> IS nonfree)?
>
> Basically: do I still fulfill
>
>     a) Accompany it with the complete corresponding machine-readable
>     source code, which must be distributed under the terms of Sections
>     1 and 2 above on a medium customarily used for software interchange; or,
>
> if also distribute files with the source code that are NOT distributed under
> these terms, but are not even read during the compilation process (and thus can
> be argued to be not part of the "complete corresponding machine-readable source
> code" the GPL requires, but an extra)?
>
>   
First of all, the licence covering the GPL is a perfect example. You're
mixing non-gpl stuff in with gpl stuff, with no problems.

Secondly, WHAT "complete corresponding machine-readable source code"?
The important word here is "corresponding", which, if there is no
binary, renders the entire clause MEANINGLESS because there is nothing
to correspond to!

For the purposes of the GPL, the source tarball is an *aggregation*, and
the GPL says that you mustn't interfere with the licencing of stuff
mixed in with yours if it's a "mere aggregation". Including the SSL
source (or even just binaries and no source!) isn't a problem - the GPL
insists you mustn't interfere. The ONLY time you have to include the SSL
source is if its code (in any form) is mixed in with a *binary* that
contains *someone elses* GPL code.

It seems to me you haven't read the GPL *CAREFULLY* and *COMPLETELY*. It
contains a load of *CONDITIONAL* requirements, and you're trying to
apply a clause (that only applies to *binaries*) to a *source* tarball.

So to your question in your other email about non-free sources that
aren't in your binary, that is no problem at all.

As for protecting your downstream users, just make sure that if they try
to switch on SSL functionality, make it display in large letters
"INCLUDING SSL FUNCTIONALITY MAKES THIS SOFTWARE NON-DISTRIBUTABLE".
Bear in mind that an "end user" CANNOT breach the GPL, because the GPL
explicitly says that use is ALWAYS permitted.

Cheers,
Wol

Reply to:

References:
- Re: Plugins for non-free software in orig.tar.gz
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Plugins for non-free software in orig.tar.gz
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Plugins for non-free software in orig.tar.gz
  - From: "Manuel A. Fernandez Montecelo" <manuel.montezelo@gmail.com>
- Re: Plugins for non-free software in orig.tar.gz
  - From: Francesco Poli <frx@firenze.linux.it>
- Re: Plugins for non-free software in orig.tar.gz
  - From: Rudolf Polzer <divVerent@alientrap.org>

Prev by Date: Re: Plugins for non-free software in orig.tar.gz
Next by Date: Re: Plugins for non-free software in orig.tar.gz
Previous by thread: Re: Plugins for non-free software in orig.tar.gz
Next by thread: Re: Plugins for non-free software in orig.tar.gz
Index(es):
- Date
- Thread