[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#506040: Status of ceph ITP?

On Thu, Dec 2, 2010 at 8:57 AM, Laszlo Boszormenyi <gcs@debian.hu> wrote:
> Hi Clint,
>
> On Wed, 2010-12-01 at 23:19 -0800, Clint Byrum wrote:
>> On Thu, 2010-12-02 at 01:30 +0100, Laszlo Boszormenyi wrote:
>> Essentially, as long as the files don't have a license that conflicts
>> with COPYING, then there's no need for a license header.
>  Got a confirmation from an FTP Assistant, Mike O'Connor; he says
> exactly the same. "Its not required, for instance, that every
> single .h .c file etc have a license information, as long as it can be
> reasonably assumed that we know the copyright holders' intention. When
> the upstream author says "i'm the copyright holder for everything in the
> src directory, and its distributable under the LGPL, we'll assume this
> to be correct unless there is something that indicates otherwise."
> I just have a memory that recently a package was rejected due to this,
> but I assume it neither had the license information in
> debian/copyright .
>
>> Laszlo, I did a thorough review of the licensing before working to get
>> ceph uploaded to Ubuntu, but I wasn't aware of the incompatibility
>> between the GPL/LGPL and OpenSSL. This page details it pretty well:
>>
>> http://people.gnome.org/~markmc/openssl-and-the-gpl.html
>  Please note two things. First is the bottom line of the page which
> says: "Usual disclaimers apply, I've no legal background whatsoever,
> don't trust a word I say ... I'm quite probably completely wrong." and
> it was written in 2004. More recently, three months ago a bug was
> filed[1] in Debian that states there's indeed a need for that license
> exception for a GPL programs.
>  On the other hand, yes, I do realize that ceph is mostly LGPL which may
> or may not need this exception. Just found a conversation on
> debian-legal, where the second message[2] states: "There is no need for
> an OpenSSL exception for a LGPL-licensed work."; thus I'm ready to
> upload ceph as soon as the two missing manpages are written.
>
>> Also Sage, if the other authors (or you) are not comfortable with the
>> OpenSSL advertising clause, there's always GNUTLS which exists in large
>> part to address this sort of thing.
>  Rewrite the SSL part may not be that easy, but see above that it seems
> it's not needed for LGPL sources.

I removed all the openssl references in the ceph code and replaced it
with crypto++, so hopefully all this discussion is now moot. It's all
pushed to the ceph rc branch. I tried using gnutls, but it didn't
quite fit ceph's needs (only requires a few lower level crypto
functions and it seems that gnutls hasn't exported those up until
recently or at least I haven't found an easy way to do this).
IANAL but for my untrained eyes the crypto++ seems ok in terms of GPL
compatibility. Although most of ceph's code is LGPL, we do have a
couple of utilities that are licensed as GPL and might pose a license
conflict, so removing openssl seems the best road to choose.

Yehuda
Reply to: