On Sat, 2022-01-08 at 16:54 +0100, Andrea Pappacoda wrote: > (correct me if I'm wrong, but I believe that using Apache-2.0 libraries in GPL > software is not allowed). It depends on the version of the GPL at play. If it's GPL 3.0 (or later), then Apache 2.0 is usually regarded as fully compatible with it, so that they may be combined in the same work. However, the Apache 2.0 license is generally regarded as incompatible with GPL < 3.0. This is due to Apache 2.0 having a patent clause, meanwhile the GPL before 3.0 doesn't have one. > MbedTLS is usually released under the terms of the Apache 2.0 license, > while LTS versions are licensed under the Apache-2.0 OR > GPL-2.0-or-later, a thing that many users really appreciate Indeed, sticking to LTS releases may be quite important for this reason if there's any GPL-2.0-only software in Debian utilizing mbed TLS.
Attachment:
signature.asc
Description: This is a digitally signed message part