Re: RFS: jabbin

To: debian-mentors@lists.debian.org
Subject: Re: RFS: jabbin
From: "Andrew Donnellan" <ajdlinux@gmail.com>
Date: Sun, 28 Jan 2007 08:03:13 +1100
Message-id: <[🔎] 1007a32a0701271303n3991c067k4e445c758c5e071d@mail.gmail.com>
In-reply-to: <[🔎] 20070127112341.GA2912@pcpool00.mathematik.uni-freiburg.de>
References: <[🔎] 1007a32a0701251435q3a6c4437u81838e304e7e422a@mail.gmail.com> <[🔎] 20070126103124.GA19896@pcpool00.mathematik.uni-freiburg.de> <[🔎] 1007a32a0701260307q116cdc3cm49e960e0767fd25b@mail.gmail.com> <[🔎] 20070127112341.GA2912@pcpool00.mathematik.uni-freiburg.de>

On 1/27/07, Bernhard R. Link <brlink@debian.org> wrote:

If a program contains code that is only available under GPL, GPL
requests for all the program being available under GPL without
additional restrictions. OpenSSL has multiple such additional
restrictions (like 'Products derived from this software may not be
called "OpenSSL"[...]' or 'All advertising materials mentioning
features or use of this software must display the following
acknowledgment: [...]'), so a program with GPL-only code linking[1]
with OpenSSL is not distributeable at all.

So a GPL program linking with OpenSSL is not possible, but a
"GPL and additional permissions to allow that" program can link
with OpenSSL. But that of course needs two things, namely
1) all GPL code included having that additional permission
2) the conditions for this permission have to be matched.


Understood. I wasn't aware that OpenSSL was used.


1) should be no problem if your debian/copyright is correct and list
all licenses.

2) the license listed there for the main program gives the following
additional (over GPL) permissions:

|   As a special exception, the copyright holder(s) give permission to link
|   this program with the Qt Library (commercial or non-commercial edition),
|   and distribute the resulting executable, without including the source
|   code for the Qt library in the source distribution.

This clearly gives no permission for linking with OpenSSL, so lets look
at the next paragraph:

|   As a special exception, the copyright holder(s) give permission to link
|   this program with any other library, and distribute the resulting
|   executable, without including the source code for the library in the
|   source distribution, provided that the library interfaces with this
|   program only via the following plugin interfaces:
|
|     1. The Qt Plugin APIs, only as authored by Trolltech
|     2. The QCA Plugin API, only as authored by Justin Karneges

That seems to be the clause intended to allow linking to OpenSSL,
but only when it is only linked via a Qt or QCA plugin.


I'll have to look into the actual linking process and where it is
linked, as well as how libjingle is used.


But e.g. /3party/libjingle/talk/base/ssladapter.cc does
#include <openssl/[...]>, which indicated that it might be intended
to be linked with openSSL and might be done so when building a package.
In this case it looks like that file is only used in the windows build,
so it most likely no problem. But having for each of those files to think
about why it causes no problem, makes it quite some work for a sponsor.
If your source package included a short explaination for each such file
why it is no problem, you would help a sponsor quite a lot to sponsor it.
(and I guess FTP-masters, too, when they have to look at it)


I'll document all licenses.


While all files including openssl headers seem to be not used under Linux
(at least when looking as shallow at it as I did), what puzzles me more is
unix:LIBS += -lssl in voip.pri. Perhaps the easiest way is to just remove
it. If nothing breaks then it can just be removed, if something breaks one
has to look what part is using ssl.


SSL is required for use with Google Talk, so unfortunately I don't
think it can be removed without making it mostly useless. However I
think that it uses QCA for that.


If something is mixing GPL and OpenSSL code there mainly three
possibilities:

1) rewriting to not use OpenSSL but e.g. gnutls
2) rewriting to use it in a way allowed by your permissions (i.e. over qca)


I believe the critical SSL stuff is done using QCA. The SSL files in
libjingle may be extraneous. I'll check what you said about the
voip.pri file linking directly to libssl.

3) get additional permissions from all copyright holders in code with not
enough permissions.


May be quite difficult considering that means the whole of Psi upstream...

Thanks,
--
Andrew Donnellan
ajdlinuxATgmailDOTcom (primary)    ajdlinuxATexemailDOTcomDOTau (secure)
http://andrewdonnellan.com         http://ajdlinux.wordpress.com
ajdlinux@jabber.org.au             hkp://subkeys.pgp.net 0x5D4C0C58
           http://linux.org.au    http://debian.org
       Get free rewards - http://ezyrewards.com/?id=23484

Reply to:

Follow-Ups:
- Re: RFS: jabbin
  - From: Damyan Ivanov <dam@modsoftsys.com>

References:
- RFS: jabbin
  - From: "Andrew Donnellan" <ajdlinux@gmail.com>
- Re: RFS: jabbin
  - From: "Bernhard R. Link" <brlink@debian.org>
- Re: RFS: jabbin
  - From: "Andrew Donnellan" <ajdlinux@gmail.com>
- Re: RFS: jabbin
  - From: "Bernhard R. Link" <brlink@debian.org>

Prev by Date: Re: bzr branch and C-c interrupt - should it do cleanup
Next by Date: (disregard) Re: bzr branch and C-c interrupt - should it do cleanup
Previous by thread: Re: RFS: jabbin
Next by thread: Re: RFS: jabbin
Index(es):
- Date
- Thread