On 30/03/17 00:24, Philipp Kern wrote:
> On 03/29/2017 11:10 PM, Carlos Alberto Lopez Perez wrote:
>> So, the best case situation (IMHO) would be that a lawyer tell us that
>> Apache 2.0 is also compatible with GPLv2-only, and that we stop playing
>> the game of being amateur lawyers instead of software developers.
>
> But that's not how the law works in the US. Without actual litigation
> and precedent, the most you'll get is a risk assessment of getting sued
> and your likelihood of winning if so. :)
>
> Kind regards and IANAL
> Philipp Kern

Right. That is how it also works in Spain, and I suspect that in many other countries it works the same way.

I understand that Debian wants to take a position of zero (or minimal) risk, and I also understand the desire to respect the interpretation of the FSF about the GPL (they don't think these two licenses are compatible). So that's fine.

However, I still don't understand why we don't just declare OpenSSL a system library; or at least define a clear policy for when a package is considered part of the base system (so the GPL system exception applies to it). Red Hat did this (see my previous (by date) mail on this thread), and they didn't have any problem in this regard (AFAIK).