On Mon, 14 Sep 2015 20:20:21 +0200 Carles Fernandez wrote: > Dear all, Hello Carles, > > recently, I uploaded a package for gnss-sdr (http://mentors.debian.net/package/gnss-sdr <http://mentors.debian.net/package/gnss-sdr>). Thanks for contributing to Debian! > The package was rejected due to a conflict between GPL v3 and the OpenSSL license. From what I've got to know, the upstream license must include an exception to the GPL allowing linkage against OpenSSL. > > I’m also an upstream developer of such software, so I want to implement the required changes for package acceptance. These are the devised steps: [...] > We would like to ask if we are on the right path, and if there are any other requirements regarding this issue that we need to address from the upstream side. The steps seem fine to me, but I am afraid they are not enough. Any other library linked with gnss-sdr has to be compatible with OpenSSL. Hence, if gnss-sdr links with other GPL-licensed libraries lacking the OpenSSL exception, you will have to persuade their copyright holders to also add the OpenSSL exception. If I understand correctly, there are at least libuhd and libgnuradio, which are linked with gnss-sdr, are GPL-licensed without any OpenSSL exception. I guess the FSF is unlikely to be persuaded to add an OpenSSL linking exception... An alternative approach may be: drop OpenSSL entirely, and link with some GPL-compatible TLS/SSL implementation instead (such as libgnutls or libnss or anything else fit for the purpose). A third alternative strategy is: be patient, and wait for OpenSSL to switch to a saner license. It seems that some progress on this front has been (unexpectedly) made on August the 1st, 2015: https://www.openssl.org/blog/blog/2015/08/01/cla/ The announced plan is to switch to the Apache License version 2.0, which is GPLv3-compatible (although still GPLv2-incompatible...). I am not aware of any more recent news on this, though. BTW, I am not happy about the CLA part and I would be much happier, if they decided to switch to a simpler and more all-compatible license (such as the 3-clause BSD license, or the Expat license, or the zlib license), but that's another story... I hope this helps a little bit. Please take into account that what I wrote is my own personal take on the matter: I do *not* speak on behalf of the Debian Project. And it's *not* legal advice (I am *not* a lawyer). Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgpyu4fweg_co.pgp
Description: PGP signature