
Re: Bug#534338: OpenSSL bindings for Perl -- licensing questions



On 06/27/2012 01:54 PM, Guy Hulbert wrote:
> Define "derivative".  Until it's compiled, it's not.

Right.  Unfortunately for debian, and any other binary distributor of
CPAN modules, we distribute it compiled.

> The *compiler*.  So it might be a problem for Debian except that Debian
> is NOT using the string "OpenSSL".  It is using the lower-case version.
> So there's no violation ... though IANAL.

Wow, there's a way to thread the needle that hadn't occurred to me.  Was
this what you were trying to point out before?  I have my doubts about
the legitimacy of the case of the package name as a differentiator,
frankly, but I suppose that's one approach to take.  Should we also
change the case of the man pages and the paths to the .pm files?

> IMO, if Debian is to do anything, it should first contact the "OpenSSL
> Project" to see if there's a problem.  Harassing CPAN authors seems
> premature to me.

I'm not sure how the debian project can ask the OpenSSL project for
written permission to use the string in these projects, since:

 (a) debian can't accept a debian-specific license exception (see the
DFSG for details), and

 (b) debian isn't the CPAN upstream author.

A successful request by CPAN module authors to the OpenSSL project to
get approval for the use of the name would resolve the issue for *all*
binary distributors of CPAN modules, afaict.

I'm not sure what we would gain from a request from debian.  If OpenSSL
says "sure, you can do that in debian", then we leave our derivatives
and distributors (and other users) exposed to an ambiguous license that
could be used against them, which is contrary to the DSC.

It seems like the CPAN module authors are going to have to be involved
("harassed") somehow, unless "openssl" is considered sufficiently
different from "OpenSSL" to invalidate stanza 5 of the OpenSSL license.

	--dkg
