[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please recompile packages against libmysqlclient12.

[Should this thread be carried over to debian-devel?]

On Mon, Apr 14, 2003 at 01:25:28PM +0200, Sander Smeenk wrote:
> Quoting Wichert Akkerman (wichert@wiggy.net):
> > Previously Marek Habersack wrote:
> > > What about a case as mine - Pike 7.4 is MPL/GPL/LGPL. How does that look in
> > > this situation?
> > You might get away with the MPL/LGPL options, but you should probably
> > ask for confirmation on debian-legal.

> So, what *am* I supposed to do? Rebuild against libmysqlclient12
> and break licenses? Not rebuild and have an uninstallable snort-mysql? 

The libmysqlclient10 package (src: libmysqlclient-lgpl) was uploaded to
the archive last night, and is now in the hands of the ftpmasters (NEW
processing).  Packages which must (or choose to) link against the LGPL
variant will be installable again soon.

I've heard the suggestion a couple of times that we should try to
persuade upstream to recant their license change.  It's fine with me if
people want to do that, but I think this license change was deliberate;
and if they can be persuaded, it will still take a fairly long time.
Until then, there needs to be an LGPL fork of libmysqlclient, or we need
to file RC bugs against almost all MySQL using packages. :-)

> Should we massively ask permission to explicitly link against OpenSSL
> from the OpenSSL upstream? It was something like that, right? You were
> supposed to ask permission to link against OpenSSL.

No, the issue is that OpenSSL's license is not GPL compatible; binaries
of GPL software linked against OpenSSL are not distributable, because the
*GPL* prohibits this when the entire work cannot be distributed under the
GPL.  This is why you must ask the upstream of your GPL software for a
license exception if you need to do this.

There's also no wiggle room for "indirect linking" arguments, because
Debian is distributed as a cohesive whole: if we distribute GPL app foo
linked against LGPL library bar, and Debian's copy of libbar is linked
against OpenSSL, you cannot argue that it was not our intent to
distribute a copy of foo that depends on OpenSSL -- if it was, we should
have provided a copy of libbar that was *not* linked against OpenSSL.

Steve Langasek
postmodern programmer

Attachment: pgpEFY98IUXiV.pgp
Description: PGP signature

Reply to: