On 30/03/17 08:05, Andrey Rahmatullin wrote: > On Wed, Mar 29, 2017 at 11:10:01PM +0200, Carlos Alberto Lopez Perez wrote: >> Apache 2.0 is compatible with GPLv3 [1] (therefore also with GPLv2+). > It's more complicated than "therefore also". > Imagine a GPL2+ program library linked with a GPL2 library. Now also link > this program with an Apache 2.0 library. What happens? > I agree its more complicated. But usually what happens is this: For several Linux distributions: nothing happens because they have already declared OpenSSL a system library. For Debian: the maintainer reports a bug to the author of the GPLv2 library so they add an exception to link with the OpenSSL. The upstream maintainer either can't do that because its unable to contact every author of the software or doesn't care and thinks this is a Debian specific issue. The Debian maintainer either abandons here or takes into the task of implementing a patch that uses libgcrypt or similar instead of OpenSSL. It can happen that the Debian maintainer simply disables the feature that uses OpenSSL (if that is an option)
Attachment:
signature.asc
Description: OpenPGP digital signature