On 30/03/17 10:44, Jonas Smedegaard wrote: > Quoting Carlos Alberto Lopez Perez (2017-03-30 05:08:24) >> On 30/03/17 03:11, Clint Byrum wrote: >>> Excerpts from Carlos Alberto Lopez Perez's message of 2017-03-30 02:49:04 +0200: >>>> I understand that Debian wants to take a position of zero (or >>>> minimal) risk, and I also understand the desire to respect the >>>> interpretation of the FSF about the GPL (they don't think this two >>>> licenses are compatibles). >>>> >>> >>> I believe that this is a fundamental difference between RedHat and >>> Debian. >>> >>> RedHat is going to do everything within the law and inside their >>> values for a profit. Their values don't include a strict adherence >>> to the wishes of copyright holders, but strict adherence to the law. >>> >>> But our values do include respect for copyright holder rights. So >>> while we can probably get away with this legally, it's been decided >>> (a few times?) that without the GPL licensor's consent, we can't in >>> good faith produce a combination of OpenSSL and a GPL program. >>> >> >> Just a simple question: >> >> Do you (or anyone else) _really_ think the copyright holders of the >> GPL program in question had any intention ever of not allowing their >> program to be used along with OpenSSL, when they where the ones >> implementing support for using it on the first place? > > Yes, I believe so. > > As a concrete example, the Netatalk project has for many years released > code with plugins linking to OpenSSL, but has not added an exception. > Authors of Netatalk try to make a living out of commercial support for > their product, and I genuinely think it is in their interest to make it > possible to use strong crypto - for personal use - but not allow > redistribution of binaries with strong crypto. > > > - Jonas > Do you have any link or resource that can back what you say here? I didn't knew about the Netatalk project, but after Googling about this issue I only see an upstream frustrated because they are unable to re-license [1], as they are unable to contact all the contributors the project has. As you can imagine, any successfully open source project will accumulate hundreds of contributors along the years (at least 17 years [2] in this case). Contacting them may be simple just impossible (people change of email address all the time, people also pass away, and people can just simply ignore the mail because they are busy with some other stuff). On top of that, the incentive to take into doing this hard work is not very big, as either not all downstreams take this issue with the GPL and OpenSSL as far as Debian, or they include OpenSSL as a system library. I also see Netatalk was shipped until Fedora 23 with OpenSSL support! [3], until it was retired because nobody cared to keep maintaining it [4]. IMHO: if your business model is to sell pre-built binaries with some feature, its better that you keep this feature with the right license that prohibits distributing it and forces everyone to build from sources, rather than relying on some incompatibility between the GPL and OpenSSL that is not going to stop anyone but Debian and its derivatives from shipping it. Regards ------- [1] https://lists.debian.org/debian-legal/2004/08/msg00184.html https://sourceforge.net/p/netatalk/feature-requests/33/ [2] https://github.com/Netatalk/Netatalk/commit/31843674b7bd32eabcce3a1ad6159b4f94921f79#diff-cf45edbe4d45d61b0f0ce5e9eaeb38bcR82 [3] http://pkgs.fedoraproject.org/cgit/rpms/netatalk.git/tree/netatalk.spec?h=f23#n84 [4] http://pkgs.fedoraproject.org/cgit/rpms/netatalk.git/commit/?id=81611ededd7b668145715779723c60d84ef74003
Attachment:
signature.asc
Description: OpenPGP digital signature