Re: Updating the fis-gtm package to V6.2-000

To: <debian-med@lists.debian.org>
Subject: Re: Updating the fis-gtm package to V6.2-000
From: "Bhaskar, K.S" <ks.bhaskar@fisglobal.com>
Date: Mon, 6 Oct 2014 09:31:52 -0400
Message-id: <[🔎] 543299C8.3060909@fisglobal.com>
Reply-to: "K.S. Bhaskar" <ks.bhaskar@fisglobal.com>
In-reply-to: <[🔎] alpine.DEB.2.02.1410061249040.19231@jupiter.server.alteholz.net>
References: <1411532722.503536.171076653.20FBBFB0@webmail.messagingengine.com> <20140924124334.GF20905@an3as.eu> <5422CA0E.6070305@fisglobal.com> <20140924201108.GE6849@an3as.eu> <FC737AF506DB9B40B931FCDFBDFAF2F65431D8E6@LTCFISWMSGMB26.FNFIS.com> <1411789828.2018718.172305605.393AF85D@webmail.messagingengine.com> <20140927065652.GA21048@an3as.eu> <542972CF.8000100@fisglobal.com> <20140929160415.GD25167@an3as.eu> <alpine.DEB.2.02.1409292006420.29511@jupiter.server.alteholz.net> <5429AA31.9090508@fisglobal.com> <alpine.DEB.2.02.1409300846530.7225@jupiter.server.alteholz.net> <[🔎] 542DD263.50706@fisglobal.com> <[🔎] alpine.DEB.2.02.1410061249040.19231@jupiter.server.alteholz.net>

Thorsten --

I'll digest your comments in detail once I get out of conference calls
and meetings, but the short answer to changing the license is that
running anything through Legal will take more time than we have available.

Regards
-- Bhaskar

On 10/06/2014 07:55 AM, Thorsten Alteholz wrote:
> Hi Bhaskar,
>
> On Thu, 2 Oct 2014, Bhaskar, K.S wrote:
>> [KSB] Those *openssl* files are versions of the reference
>> implementation of
>> the plugin compiled with #include, #if, etc. configured to call call
>> OpenSSL.  They are not actually linked to OpenSSL or other libraries -
>> linking happens dynamically. 
>
> Oh, come on, why should it matter whether you are linking at compile
> time or at run time? In both cases the result is a combined binary.
>
>> kbhaskar@bhaskark:~$ ls -l
>> /usr/lib/fis-gtm/V6.2-000_x86_64/plugin/lib*crypt*
>> /usr/lib/fis-gtm/V6.2-000_x86_64/plugin/libgtmcrypt_openssl_AES256CFB.so
>> -r-xr-xr-x 1 root root 40056 Sep 18 15:45
>> /usr/lib/fis-gtm/V6.2-000_x86_64/plugin/libgtmcrypt_openssl_BLOWFISHCFB.so
>>
>> lrwxrwxrwx 1 root root    33 Sep 18 15:45
>> kbhaskar@bhaskark:~$
>
> Yes and when you look with ldd at libgtmcrypt_openssl* you see that
> libssl is needed.
>
>> Most of the discussion of license interaction between copyleft and
>> non-copyleft licenses at en.wikipedia.org/wiki/GNU_General_Public_License
>> pertain to software used under non-copyleft licenses requesting services
>> from (I deliberately avoid the use of "linking to") software used under
>> non-copyleft licenses.  In this case, we have the reverse - a copyleft
>> software (GT.M) requesting services from non-copyleft software
>> (OpenSSL). 
>> Regardless, it appears that there are different schools of thought on
>> this.
>
> Hmm, so why do you think that almost all GPL software that links to
> OpenSSL has a special OpenSSL exception? I am afraid such discussions have
> been made frequently ...
>
>>  *  Include a statement in the README that says something like: As
>> dynamic
>>     linking by the reference implementation of the plugin to software
>> such
>>     as cryptographic libraries that are released under non-copyleft
>> licenses
>>     is not considered to create a derivative work, there is no
>> interaction
>>     between the license used for GT.M and those of cryptographic
>> libraries.
>>  *  Remove any claim of copyright from the reference implementation of
>> the
>>     plugin (i.e., place the reference implementation in the public
>> domain).
>>  *  Remove the precompiled versions of the reference implementation of
>> the
>>     plugin from the distribution and include only the source of the
>> plugin
>>     (as I noted earlier, the GT.M binary distribution includes source
>> code
>>     for the reference implementation of the plugin).  Use the
>> post-install
>>     script to compile the reference implementation of the plugin.
>>
>> Thorsten, please let me know what you think.
>
> I don't understand why you don't want to go the easy way? As you
> consider to remove the license in 2), why don't you just add the
> exception to your license text? Otherwise the last proposal would be fine.
>
>  Thorsten

-- 
GT.M - Rock solid. Lightning fast. Secure. No compromises.

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

Reply to:

References:
- Re: Updating the fis-gtm package to V6.2-000
  - From: "Bhaskar, K.S" <ks.bhaskar@fisglobal.com>
- Re: Updating the fis-gtm package to V6.2-000
  - From: Thorsten Alteholz <debian-med@alteholz.de>

Prev by Date: Re: Updating the fis-gtm package to V6.2-000
Next by Date: Re: Error while loading shared libraries
Previous by thread: Re: Updating the fis-gtm package to V6.2-000
Next by thread: Re: Updating the fis-gtm package to V6.2-000
Index(es):
- Date
- Thread