[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#595446: ntop: GPL code links openssl without a license exception



On Fri, 10 Sep 2010 10:48:25 -0400 jordan@linuxgen.com wrote:

[...]
> Luca,
> 
> It seems I forgot to CC the bug report as well as Ola on this email. I will be including debina-legal
> on this one as well, as IANAL. 
> 
> Thank you for including the exception in your license. There is still a problem however.
[...]
> Do you mind re-releasing this tarball provided that debian-legal does not chime in and
> tell us it is not required?

I am not sure a re-release is really needed, but I'll leave that for
other debian-legal regulars to comment on.

It seems to me that there's another problem, though!

It looks like ntop links with other libraries, some of which appear to
be released under the terms of the GNU GPL.
At a first glance (by looking at the package dependencies only, an ldd
check is encouraged), I spotted
http://packages.debian.org/sid/libgdbm3
and maybe
http://packages.debian.org/sid/libfreetype6
(which is dual-licensed under the GPL and a custom license, I still
have to check the latter license and see if it is compatible with
OpenSSL...)

If all this is confirmed, I would say that adding an OpenSSL linking
exception to ntop is not enough to solve the compatibility issue
between ntop and OpenSSL.
It seems to me that the same linking exception is needed for the linked
GPL'ed libraries, as well, and should obviously be asked to their
copyright holders.

As a side note, libgdbm3 is copyrighted by the FSF: I guess an OpenSSL
linking exception will be difficult to obtain for that library...


In summary, I think the best way to solve this issue is porting ntop to
GNUTLS.

-- 
 http://www.inventati.org/frx/progs/scripts/pdebuild-hooks.html
 Need some pdebuild hook scripts?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgpa6nAcCpef3.pgp
Description: PGP signature


Reply to: