[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kamailio tls module and GPL openssl linking exception

Hi Victor,

On Tue, Nov 12, 2013 at 11:22:08AM +0100, Victor Seva wrote:

> I'm the maintainer of the Kamailio package and I would like to push
> the inclusion of the openssl linking exception to upstream but I'm not
> sure about what parts of the upstream program should be changed in
> order to satisfy the GPL.

> Kamailio is a project with more that 10 years of existence and it's
> almost impossible to contact every single author of every single part
> of the program, but
> AFAIK it's quite possible to be able to add the exception to the core
> of the program.

> Kamailio runs with a core process that loads the user's configured
> plugins. The tls module is the only module that needs openssl to run.
> This module provides the ability to use a TLS transport and the core
> process is the one that creates and maintains the different
> transports.

> For sure that any plugin can use the provided transports, but all of
> them are using the core functions/structures to connect. They never
> connect directly to the tls module by themselves.

> Modules are being packaged by groups and the tls module will have it's
> own package. The kamailio program can be used without the tls module.

> Upstream is willing to add the openssl exception to core files but we
> want to be sure that this is enough to satisfy the GPL.

The only bits of the code that you need an OpenSSL exception on are the bits
that are "linked" to OpenSSL out of the box.  However, the meaning of
"linked" isn't the most obvious one.  If you're only providing the tls
module as an optional, never-installed-by-default plugin, then it's just a
plugin and only the plugin code needs to have an OpenSSL exception attached
to it.  If, however, you are enabling the tls plugin *by default* - for
instance, by providing a metapackage that pulls the two separate packages in
together, or by having a Recommends: that automatically pulls the tls module
in and automatically activates it - then effectively, you as the maintainers
are creating the combined work which links against OpenSSL.  You can then no
longer rely on it being a plugin to keep it at arm's length, and you would
need an OpenSSL exception on /all/ of the code.

Hope that helps,
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: