Freek Dijkstra <[EMAIL PROTECTED]> wrote: > Netatalk CAN be linked against openssl, to provide password encryption. > The current package in sarge (testing) is not linked against OpenSSL, so all > passwords are sent in clear text over the line.
Right. Which, arguably, makes a small part of netatalk a derivative work of openssl. And since netatalk is a derivative work of other people's GPLed code, this results in license issues. Of course, nobody is actually going to sue over this. > Does this, in any way, according to you, change if netatalk, linked against > OpenSSL is allowed to be distributed? > I am aware of the statment made at > http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs > stating, that, in some cases, you can just distribute the packages without > making an exception to the GPL (which the provider is willing, but unable to > make). Yes. That only applies if the component does not accompany the executable. Debian's position is that everything inside Debian accompanies everything else, so the exemption in the GPL is not applicable to anything we distribute. > However, I do not entirally understand what is being said there. I (and the > current package maintainer) completely really on that "someone on > debian-legel" says that "GPL software linked against OpenSSL is not allowed > in the main archive without either a license exemption from the upstream > author of the GPL package" > source: http://lists.debian.org/debian-legal/2002/10/msg00173.html GPLed software linked against OpenSSL is not legal to distribute, in main or elsewhere. There is an argument that it would be illegal to distribute the source as well. I find this line of argument unlikely, but the FSF occasionally appear to use it. -- Matthew Garrett | [EMAIL PROTECTED]
