On Thu, Jul 28, 2016 at 02:38:47PM -0700, Josh Triplett wrote: > I don't speak for libgit2 upstream, but yes, that license exception > allows linking libgit2 with arbitrary non-GPL-compatible software, > including OpenSSL.
Perfect, thank you for the confirmation. Upstream intended the linking exception to apply to OpenSSL [1]. > That said, libgit2-dev defaults to using libcurl for https URLs rather > than using OpenSSL directly; see THREADING.md, section "General Case". > In such a configuration, libgit2 doesn't link to any SSL library itself, > and just uses whatever libcurl and libssh2 use. In Debian, the libgit2 > package uses the variant of libcurl that uses GnuTLS (I made that change > in my NMU), and the libssh2 library uses libgcrypt, so libgit2 has no > direct *or* indirect dependencies on OpenSSL. So, packages licensed > under GPLv2 with no license exceptions can link to libgit2 in Debian. Unfortunately, libgit2 is unable to clone https:// repositories if not linked directly to OpenSSL. I will follow up in a bug against libgit2. Regards, Peter [1] https://github.com/libgit2/libgit2/pull/3462#issuecomment-235990380
