On Tue, Jan 14, 2014 at 10:53 AM, Didier 'OdyX' Raboud <o...@debian.org> wrote: > Le lundi, 13 janvier 2014, 17.38:12 Didier Raboud a écrit : >> Le samedi, 11 janvier 2014, 14.22:28 Daniel Kahn Gillmor a écrit : >> > 0) ask CUPS to move from GPL2 to GPL2+ (with or without OpenSSL >> > exception) >> >> As asking generally can't hurt, I have filed >> https://cups.org/str.php?L4337 on the upstream bugtracker to discuss >> that. I'll keep the list posted. > > The answer came back faster than I expected and is public [1], I'm > quoting it here for completeness' sake: > > Le lundi, 13 janvier 2014, 14:24:33 Michael Sweet a écrit : >> We cannot, for a number of legal and (Apple) liability reasons, >> relicense CUPS as [L]GPL2+. It will never happen. >> >> OpenSSL support has been removed from the CUPS 2.0 source code and is >> not an option. >> >> That leaves you with using GnuTLS ([L]GPL2/3) or porting Apple's >> CDSA/Security code (Apache license), although the Apache license may >> not be GPL3 compatible according to the FSF. Given that GnuTLS is >> included with basically every Linux distribution as a standard OS >> component, it SHOULD automatically fall under the [L]GPL2/3 exception >> for system libraries (just as OpenSSL should have fallen under the >> same exception...) If not, then I humbly suggest you talk to the FSF. > > Now, for the set of options he described: > > 1) OpenSSL > As he claims that OpenSSL has been removed from the master CUPS > branch, I think that this, by itself, disqualifies the linking of > libcups2 against OpenSSL, as it would be a dead end. > > 2) GnuTLS > 2.x is useable but deprecated, 3.x is GPLv3+ through GMP. We're back > to "talk to the FSF to license GMP back to LGPLv2+" > > 3) Apple CDSA / libsecurity > From [1], this is currently being deprecated by Apple from OSX v10.7. > Also, it licensed under the APSL [Apple Public Source License] which > is incompatible with the GPL. It isn't packaged in Debian as far as I > could find.
4/ Port to lib nss using comptability layer. > So in the current situation, I don't see any good long-term solution but > a port to another license-compatible library such as polarssl… > > Cheers, > OdyX > > [1] And GPG-signed: > http://www.cups.org/pipermail/cups-devel/2014-January/014768.html > > -- > debian-science-maintainers mailing list > debian-science-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAE2SPAYVsY1qLW2x7RYZ+6thoT=r48xqgrdt-qkzer8rrmm...@mail.gmail.com
