On Tue, Jun 10, 2008 at 06:38:19AM -0500, William Pitcock wrote:
> Here's some packages which are linked against OpenSSL and should not be
> (this is not an all exhaustive list, you should grep-dctrl on a Sources
> or something):
And what is grep-dctrl supposed to tell anyone? There are lots of packages
that build-depend on openssl. How do you intend for anyone to draw
conclusions based on the build-depends alone, without reference to license?
Or are you just trying to send anyone who disagrees with you on a fool's
errand, so they won't interfere with your ITP?
> - epic4 (impossible to get an exception, dead contributors)
debian/copyright shows a BSD license.
> - inspircd would but I chose not to build that module because they ship
> a gnutls one instead (charybdis is basically stuck with openssl due to
> using libcrypto directly)
... therefore not analogous, so why do you include it in this list?
> - oftc-hybrid (impossible to get an exception, dead contributors)
* As a special exception, the authors give permission to link the code of this
* release of oftc-hybrid with the OpenSSL project's "OpenSSL" library (or
* with modified versions of it that use the same license as the "OpenSSL"
* library), and distribute the linked executables. You must obey the GNU
* General Public License in all respects for all of the code used other than
* "OpenSSL". If you modify the code, you may extend this exception to your
* version of the files, but you are not obligated to do so. If you do not
* wish to do so, delete this exception statement from your version.
> - openvpn (may or may not have exception, more checking needed)
Has an exception, already mentioned.
> - xchat (might be possible to get an exception, but author doesn't care
> about GPL anyway, see also: Shareware XChat for win32)
License:
This program is released under the GPL v2 with the additional exemption
that compiling, linking, and/or using OpenSSL is allowed. You may
provide binary packages linked to the OpenSSL libraries, provided that
all other requirements of the GPL are met.
See file COPYING for details.
The debian/copyright on this one is rather horrid looking, it lists 6
licenses in a row with no indication of which license applies to what
components. This probably warrants a bug report for clarification; but at
first look, it appears that the effort has already been made to secure an
exception for the components that require it.
> - znc (status unknown, but i see no exception in the source)
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations
including the two.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
version. If you delete this exception statement from all source
files in the program, then also delete it here.
> So, in the grand scheme of things, I don't really think one more package
> linked against OpenSSL is going to hurt anything.
No, you're the only one who seems to be playing fast and loose with
licensing here. *None* of the examples you've cited to try to support your
position appear to have the licensing problem in question; everyone else is
making a good-faith effort to get this right.
> If it makes you happy, I could bolt an exception on the code, but I
> doubt it would hold water due to the fact that there are dead copyright
> holders.
There are dead /authors/, not dead copyright holders. Dead people can't
hold copyright; copyright transfers to the heirs when the author dies.
The reason it wouldn't hold water is that exceptions have to be granted by
the copyright holders. You can't bolt an exception on *for* them, you need
to get this approved by the people who actually hold copyright on this code.
You can of course provide an exception for any of your own code, but that
doesn't result in a distributable binary package unless yours is the only
code used in the program that links to OpenSSL.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
