Re: System libraries and the GPLv2 (was: Re: GnuTLS in Debian)

2017-03-27 Thread Moritz Mühlenhoff
Florian Weimer wrote: > Would it be possible to get real legal advice on this matter, with the > concrete goal to find a usable process to leverage the system library > exception in the GPLv2? We should have done that a decade ago... The SFLC can probably help, but an official request to them

System libraries and the GPLv2 (was: Re: GnuTLS in Debian)

2017-03-25 Thread Florian Weimer
* Andreas Metzler: > Problems: > - > GnuTLS 2.12.x is dated. It is upstream's old-old-old stable release > (followed by 3.[012].x). The latest bugfix release happened in > February 2012, later security fixes have not been solved by releases but > by patches in GIT. GnuTLS 2.12.x does not w

Re: GnuTLS in Debian

2014-01-29 Thread Andreas Metzler
Carlos Alberto Lopez Perez wrote: > On 28/01/14 16:53, Andreas Metzler wrote: >> There seems to be some good news: >> https://gmplib.org/repo/gmp/rev/02634effbd4e >> | Update library files license to use LGPL3+ and GPL2+. > Do you know what motivated the change? > Was it because of the license issue

Re: GnuTLS in Debian

2014-01-28 Thread Carlos Alberto Lopez Perez
On 28/01/14 16:53, Andreas Metzler wrote: > There seems to be some good news: > https://gmplib.org/repo/gmp/rev/02634effbd4e > | Update library files license to use LGPL3+ and GPL2+. Do you know what motivated the change? Was it because of the license issue in Debian?

Re: GnuTLS in Debian

2014-01-28 Thread Andreas Metzler
Andreas Metzler wrote: > Debian is still relying heavily on GnuTLS 2.12.x, and I do not think > this is sustainable for much longer. > State of Play: > - > In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only > supported crypto backend. Nettle requires GMP. > GnuTLS and N

Re: GnuTLS in Debian

2014-01-12 Thread Simon McVittie
On 11/01/14 17:37, Игорь Пашев wrote: > Do I understand correctly the following: > > Application M under the MIT license linked to LGPL3 library L - ok > Application C under the CDDL license linked to LGPL3 library L - ok > Application G under the GPL3 license linked to LGPL3 library L - ok, > all

Re: GnuTLS in Debian

2014-01-12 Thread Andreas Metzler
Kurt Roeckx wrote: [gnutls28 debian copyright file] > It seems to me that the copyright file contradicts itself, > and that not only GMP is under LGPLv3+ Thank you for pointing this out, it is a piece of outdated information. I will fix the Debian copyright file to reflect upstream's current lic

Re: GnuTLS in Debian

2014-01-12 Thread Kurt Roeckx
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: > Hello, > > Debian is still relying heavily on GnuTLS 2.12.x, and I do not think > this is sustainable for much longer. > > State of Play: > - > In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only > support

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Steve Langasek
On Sat, Jan 11, 2014 at 05:24:16PM +, Ben Hutchings wrote: > On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: > > Hi all, > > > > this "GnuTLS in Debian" thread triggered my switch of the src:cups > > package from linking agai

Re: GnuTLS in Debian

2014-01-11 Thread Svante Signell
On Sat, 2014-01-11 at 21:37 +0400, Игорь Пашев wrote: > Do I understand correctly the following: > > Application M under the MIT license linked to LGPL3 library L - ok > Application C under the CDDL license linked to LGPL3 library L - ok > Application G under the GPL3 license linked to LGPL3 libra

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Svante Signell
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: > Hi all, > > this "GnuTLS in Debian" thread triggered my switch of the src:cups > package from linking against GnuTLS to now link against OpenSSL. CUPS is > GPL-2 only with an OpenSSL exception.

Re: GnuTLS in Debian

2014-01-11 Thread Игорь Пашев
Do I understand correctly the following: Application M under the MIT license linked to LGPL3 library L - ok Application C under the CDDL license linked to LGPL3 library L - ok Application G under the GPL3 license linked to LGPL3 library L - ok, all under GPL3 Bang! Application M is now under the

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Ben Hutchings
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: > Hi all, > > this "GnuTLS in Debian" thread triggered my switch of the src:cups > package from linking against GnuTLS to now link against OpenSSL. CUPS is > GPL-2 only with an OpenSSL exception.

CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Didier 'OdyX' Raboud
Hi all, this "GnuTLS in Debian" thread triggered my switch of the src:cups package from linking against GnuTLS to now link against OpenSSL. CUPS is GPL-2 only with an OpenSSL exception. Today, Andreas rightly pointed to me that this induces a problem (for Debian) for all GPL-witho

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Wouter Verhelst
On 05-01-14 15:57, Clint Adams wrote: > On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote: >> This goes for GPLvX "or later", but also for other "or later" licenses, >> where they exist. >> >> I'm convinced that the GPLv2 is a free license, but I'm so far undecided >> on the GPLv3 (

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Stephen Kitt
Hi Dimitri, On Mon, 6 Jan 2014 15:22:09 +, Dimitri John Ledkov wrote: > But GPL text does confuse me as a whole, no modifications nor derivative > works of the GPL license text are allowed, and the original text has > "and later" clause - is licensing without "and later" constitutes > modificati

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Dimitri John Ledkov
On 6 January 2014 15:07, David Weinehall wrote: > > On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote: > > On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: > > > That's also why I *don't* use BSD-style licenses for software that > > > I write, but rather GPLv2 or LGPLv2.1

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread David Weinehall
On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote: > On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: > > That's also why I *don't* use BSD-style licenses for software that > > I write, but rather GPLv2 or LGPLv2.1. > > So if someone takes your LGPLv2.1-only software and

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-05 Thread Clint Adams
On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote: > This goes for GPLvX "or later", but also for other "or later" licenses, > where they exist. > > I'm convinced that the GPLv2 is a free license, but I'm so far undecided > on the GPLv3 (mainly because I've not read the license text

Re: GnuTLS in Debian

2014-01-04 Thread Andreas Metzler
Moritz Mühlenhoff wrote: > Andreas Metzler wrote: >> #5 Declare GMP to be a system library. > (..) >> #5 was how Fedora looked at the OpenSSL library issue. Since Debian >> has another viewpoint on OpenSSL I somehow doubt we would use it for >> GMP. > We should do that (and also reevaluate th

Re: GnuTLS in Debian

2014-01-04 Thread Wouter Verhelst
On 23-12-13 23:43, Clint Adams wrote: > GPLv2-only folks should be made to see how their antisocial > behavior is harming everyone. I think this is a delightful > situation for them to be in. I am not a member of the church of GNU, nor do I wish to be. I respect Richard Stallman (and his band o

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-04 Thread Luca Capello
Hi there! On Sat, 04 Jan 2014 04:29:02 +0100, Paul Tagliamonte wrote: > On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: >> > So your doomsday scenario is that if you license something >> > GPLv2+, someone might fork and modify it to be GPLv3+, >> >> I was under the impression tha

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-03 Thread Paul Tagliamonte
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: > > So your doomsday scenario is that if you license something > > GPLv2+, someone might fork and modify it to be GPLv3+, > > I was under the impression that forks couldn't change licenses. Is the > scenario which Clint describes (le

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-03 Thread Clint Adams
On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: > That's also why I *don't* use BSD-style licenses for software that > I write, but rather GPLv2 or LGPLv2.1. So if someone takes your LGPLv2.1-only software and adds GPLv2-only code to it, do you feel similarly betrayed because you

Re: GnuTLS in Debian

2014-01-03 Thread Tollef Fog Heen
]] Russ Allbery Wildly off-topic, but hey. :-) > Yeah, I saw that also in Bernhard's reply. That confusion had honestly > never occurred to me before since, despite the visual similarities, the > words are completely unrelated in English. The etymologies are disjoint: > idiot comes from French

Re: GnuTLS in Debian

2014-01-01 Thread Russ Allbery
Thomas Hochstein writes: > Russ Allbery wrote: >> "Bernhard R. Link" writes: >>> Could you please stop using that word "idiosyncratic". >> I believe idiosyncratic is exactly the correct term: >> idiosyncratic >> adj 1: peculiar to the individual; "we all have our own >>

Re: GnuTLS in Debian

2014-01-01 Thread Thomas Hochstein
Russ Allbery wrote: > "Bernhard R. Link" writes: >> Could you please stop using that word "idiosyncratic". > > I believe idiosyncratic is exactly the correct term: > > idiosyncratic > adj 1: peculiar to the individual; "we all have our own > idiosyncratic gestures"; "Michel

Re: GnuTLS in Debian

2014-01-01 Thread Bastien ROUCARIES
On 30 Dec 2013 10:06, "Florian Weimer" wrote: > > * Bastien ROUCARIES: > > > Fedora created an open SSL compat library based on libnss. > > It doesn't work all that well because there is no way to implement > host name checking. The OpenSSL API it's based on did not have an > interface for hos

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-01 Thread David Weinehall
On Tue, Dec 31, 2013 at 02:54:50PM +, Clint Adams wrote: > On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: > > Apart from the termination clause, the GPLv2 is far more concise, > > I don't see tivoization as a problem (it's the software I want to > > protect, not anyone's combi

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Kurt Roeckx
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: > On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams wrote: > > On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: > >> Apart from the termination clause, the GPLv2 is far more concise, > >> I don't see tivoization as a probl

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread cameron
Matt, Yes, it is possible, but only the contributions of the fork would be GPLv3 only, the original GPLv2+ code would still be just that. Nevertheless, the final product would be GPLv3 only. Cameron Norman On Tue, Dec 31, 2013 at 6:59 AM, Matt Zagrabelny wrote: On Tue, Dec 31, 2013 at 8:5

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Matt Zagrabelny
On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams wrote: > On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: >> Apart from the termination clause, the GPLv2 is far more concise, >> I don't see tivoization as a problem (it's the software I want to >> protect, not anyone's combination of i

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Clint Adams
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: > Apart from the termination clause, the GPLv2 is far more concise, > I don't see tivoization as a problem (it's the software I want to > protect, not anyone's combination of it with hardware), nor do I care > about compatibility with

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Steve Langasek writes: > The GPL requirement about dependency licensing does not rely on the > legal definition of derivative works. So arguments that a GPL program > that links against OpenSSL is not a derivative work of OpenSSL are > missing the point. I don't believe this is true of the GPLv

Re: GnuTLS in Debian

2013-12-30 Thread Steve Langasek
On Mon, Dec 30, 2013 at 10:15:02PM +0100, Ansgar Burchardt wrote: > Russ Allbery writes: > > Most upstream authors that I've spoken with don't believe that licensing > > crosses the shared library ABI boundary, that the shared OpenSSL library > > and the GPLv2 program that calls it remain separate

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Ansgar Burchardt writes: > Russ Allbery writes: >> Most upstream authors that I've spoken with don't believe that >> licensing crosses the shared library ABI boundary, that the shared >> OpenSSL library and the GPLv2 program that calls it remain separate >> works, and therefore there is no need

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Vincent Lefevre writes: > On 2013-12-30 10:57:32 -0800, Russ Allbery wrote: >> Most upstream authors that I've spoken with don't believe that >> licensing crosses the shared library ABI boundary, that the shared >> OpenSSL library and the GPLv2 program that calls it remain separate >> works, and

Re: GnuTLS in Debian

2013-12-30 Thread Vincent Lefevre
On 2013-12-30 10:57:32 -0800, Russ Allbery wrote: > Most upstream authors that I've spoken with don't believe that licensing > crosses the shared library ABI boundary, that the shared OpenSSL library > and the GPLv2 program that calls it remain separate works, and therefore > there is no need for O

Re: GnuTLS in Debian

2013-12-30 Thread Ansgar Burchardt
Hi, Russ Allbery writes: > Most upstream authors that I've spoken with don't believe that licensing > crosses the shared library ABI boundary, that the shared OpenSSL library > and the GPLv2 program that calls it remain separate works, and therefore > there is no need for OpenSSL to meet the GPLv

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Jonathan Nieder writes: > Is that true? When does it even come up? What do this majority of > upstream authors take the meaning and purpose of the phrase > unless that component itself accompanies the executable. > in the GPLv2 to be? Most upstream authors that I've spoken with don't b

Re: GnuTLS in Debian

2013-12-30 Thread Jonathan Nieder
Thomas Goirand wrote: > Most upstream authors who > care about licensing, do not agree with Debian's view about GPL and > OpenSSL incompatibility, and this is what counts. Is that true? When does it even come up? What do this majority of upstream au

Re: GnuTLS in Debian

2013-12-30 Thread Florian Weimer
* Bastien ROUCARIES: > Fedora created an open SSL compat library based on libnss. It doesn't work all that well because there is no way to implement host name checking. The OpenSSL API it's based on did not have an interface for host name verification, and the compatibility library does not dupli

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-29 Thread Craig Small
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote: > Nope. An organization that will not accept the GPLv3 because of the > tivoization and patent clauses will not accept > GPLv2 or later. The "or later" clause means a downstream can invoke their > rights under the GPLv3 to demand

Re: GnuTLS in Debian

2013-12-29 Thread Thomas Goirand
On 12/28/2013 06:09 PM, Bernhard R. Link wrote: > * Thomas Goirand [131228 08:30]: >> don't think it does anymore, especially seeing that almost no upstream >> author cares about Debian's nit-picking on this particular issue. We're >> just beating ourselves for no valid reason. > > Almost no upst

Re: GnuTLS in Debian

2013-12-29 Thread Florian Weimer
* Andreas Metzler: > In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only > supported crypto backend. Nettle requires GMP. > > GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be > licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2 > (released Septembe

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-29 Thread Vincent Lefevre
On 2013-12-28 19:24:33 -0800, Steve Langasek wrote: > Now, the companies in question may legitimately regard a GPLv2+ > upstream as a source business risk, because they have no guarantee > that future versions of the software won't be made available under > GPLv3+ instead of GPLv2+, and if they're

Re: GnuTLS in Debian

2013-12-28 Thread Marco d'Itri
On Dec 28, "Bernhard R. Link" wrote: > Almost no upstream author cares about licensing at all. The majority of Great, no ethical issues to be concerned with then. > Debian is no corporation that can just willy-nilly copy stuff around > without caring for the law and hoping no one will find out or

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Steve Langasek
On Sat, Dec 28, 2013 at 08:38:09PM -0500, Stephen M. Webb wrote: > On 12/28/2013 07:51 PM, Kurt Roeckx wrote: > > The "or later" means "or later" and just that. It doesn't mean > > a downstream can say they received it under the later version. > > And the upstream can't claim that either. > The

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread David Weinehall
On Sat, Dec 28, 2013 at 08:53:56PM +, Clint Adams wrote: > On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: > > As one of the "GPL v2 only" proponents, I take affront. I choose to > > license what little software I release as GPL v2 only because I do not > > consider the GPL v3

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Vincent Lefevre
On 2013-12-28 17:59:35 -0500, Stephen M. Webb wrote: > On 12/28/2013 04:15 PM, Kurt Roeckx wrote: > > On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: > >> There are organizations who will allow v2 but not v3 because of > >> the tivoization and patent clauses. A developer may want his

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 07:51 PM, Kurt Roeckx wrote: > > The "or later" means "or later" and just that. It doesn't mean > a downstream can say they received it under the later version. > And the upstream can't claim that either. The "or later" means my clients' lawyers state unequivocally that they will n

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote: > On 12/28/2013 04:15 PM, Kurt Roeckx wrote: > > On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: > >> On 12/28/2013 03:53 PM, Clint Adams wrote: > >>> On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: >

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Simon McVittie
On 28/12/13 22:59, Stephen M. Webb wrote: > On 12/28/2013 04:15 PM, Kurt Roeckx wrote: >> On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: >>> There are organizations who will allow v2 but not v3 because of the >>> tivoization and patent clauses. A developer may want >>> his work to

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Виталий Филиппов
On Sun, 29 Dec 2013 02:59:35 +0400, Stephen M. Webb wrote: On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the "G

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 04:15 PM, Kurt Roeckx wrote: > On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: >> On 12/28/2013 03:53 PM, Clint Adams wrote: >>> On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the "GPL v2 only" proponents, I take affront. I choose to

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: > On 12/28/2013 03:53 PM, Clint Adams wrote: > > On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: > >> As one of the "GPL v2 only" proponents, I take affront. I choose to > >> license what little software I release as

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 03:53 PM, Clint Adams wrote: > On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: >> As one of the "GPL v2 only" proponents, I take affront. I choose to >> license what little software I release as GPL v2 only because I do not >> consider the GPL v3 to have what attract

GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Clint Adams
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: > As one of the "GPL v2 only" proponents, I take affront. I choose to > license what little software I release as GPL v2 only because I do not > consider the GPL v3 to have what attracted me to use the GPL v2 in the > first place. T

Re: GnuTLS in Debian

2013-12-28 Thread Vincent Lefevre
On 2013-12-28 09:45:09 +0100, David Weinehall wrote: > Relicensing libraries that have long been GPL v2 (or later) or LGPL v2.1 > (or later) to (L)GPL v3 (or later) is, if anything, very antisocial, > since it locks out users of GPL v2 (only) software and forces the GPL v3 > interpretation onto GPL

Re: GnuTLS in Debian

2013-12-28 Thread Bernhard R. Link
* Thomas Goirand [131228 08:30]: > don't think it does anymore, especially seeing that almost no upstream > author cares about Debian's nit-picking on this particular issue. We're > just beating ourselves for no valid reason. Almost no upstream author cares about licensing at all. The majority of

Re: GnuTLS in Debian

2013-12-28 Thread Bernhard R. Link
* Russ Allbery [131227 18:53]: > "Bernhard R. Link" writes: > > * Russ Allbery [131224 01:42]: > > >> On the contrary, it's Debian's insistence on following an idiosyncratic > >> license interpretation that's creating the supposed unfairness. This > >> is obviously not Red Hat's fault. > > > Co

Re: GnuTLS in Debian

2013-12-28 Thread David Weinehall
On Mon, Dec 23, 2013 at 10:43:54PM +, Clint Adams wrote: [snip] > GPLv2-only folks should be made to see how their antisocial > behavior is harming everyone. I think this is a delightful > situation for them to be in. > > Plenty of other licenses have an "or later" baked in and nobody > whine

Re: GnuTLS in Debian

2013-12-27 Thread Thomas Goirand
On 12/25/2013 12:38 AM, Clint Byrum wrote: > Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800: >> On 12/24/2013 12:04 AM, Marco d'Itri wrote: >>> This is self-inflicted damage, and I think it's slightly arrogant to >>> pretend that Debian is the only organization which cares abo

Re: GnuTLS in Debian

2013-12-27 Thread Kurt Roeckx
On Fri, Dec 27, 2013 at 02:38:50PM +, Thorsten Glaser wrote: > Steve Langasek wrote: > > >of GPLv3, and explicitly did not. In fact, the system library exception is > >now defined even more narrowly than for GPLv2, so that it now covers only > >language runtime libraries. I think this was a

Re: GnuTLS in Debian

2013-12-27 Thread Russ Allbery
"Bernhard R. Link" writes: > * Russ Allbery [131224 01:42]: >> On the contrary, it's Debian's insistence on following an idiosyncratic >> license interpretation that's creating the supposed unfairness. This >> is obviously not Red Hat's fault. > Could you please stop using that word "idiosyncr

Re: GnuTLS in Debian

2013-12-27 Thread Bernhard R. Link
* Russ Allbery [131224 01:42]: > On the contrary, it's Debian's insistence on following an idiosyncratic > license interpretation that's creating the supposed unfairness. This is > obviously not Red Hat's fault. Could you please stop using that word "idiosyncratic". How about using "interpretati

Re: GnuTLS in Debian

2013-12-27 Thread Thorsten Glaser
Steve Langasek wrote: >of GPLv3, and explicitly did not. In fact, the system library exception is >now defined even more narrowly than for GPLv2, so that it now covers only >language runtime libraries. I think this was a poor choice on the FSF's Is it really? | A "Standard Interface" means an

Re: GnuTLS in Debian

2013-12-26 Thread Alessandro Ghedini
On Wed, Dec 25, 2013 at 01:36:13 -0800, Jonathan Nieder wrote: > Russ Allbery wrote: > > > Has anyone asked the Git maintainers whether they object to their software > > being linked with a libcurl that uses OpenSSL? > > I am not the author of most of Git. As a minority author: > > - libcu

Re: GnuTLS in Debian

2013-12-25 Thread Jonathan Nieder
Russ Allbery wrote: > Has anyone asked the Git maintainers whether they object to their software > being linked with a libcurl that uses OpenSSL? I am not the author of most of Git. As a minority author: - libcurl provides a quite similar API with OpenSSL as with GnuTLS. I wish it provi

Re: GnuTLS in Debian

2013-12-25 Thread Felipe Sateler
On Mon, 23 Dec 2013 23:36:34 -0800, Steve Langasek wrote: >> I, too, believe that we could use the reality check. We already did so >> with our patent policy and solved long-standing problems for our users. > > Well, I'm not sure what problems that patent policy actually solved for > our users.

Re: GnuTLS in Debian

2013-12-24 Thread Steve Langasek
On Tue, Dec 24, 2013 at 12:02:31PM +0100, Carlos Alberto Lopez Perez wrote: > About the system library exception, this is what the GPL FAQ tells: > Q: Can I link a GPL program with a proprietary system library? > A: Both versions of the GPL have an exception to their copyleft, > commonly called t

Re: GnuTLS in Debian

2013-12-24 Thread Clint Byrum
Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800: > On 12/24/2013 12:04 AM, Marco d'Itri wrote: > > This is self-inflicted damage, and I think it's slightly arrogant to > > pretend that Debian is the only organization which cares about ethics. > > For once, I agree with you Mar

Re: GnuTLS in Debian

2013-12-24 Thread Clint Byrum
Excerpts from Russ Allbery's message of 2013-12-23 16:42:29 -0800: > Clint Byrum writes: > > Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: > >> Clint Byrum writes: > > >>> An author is not the only party to text. There are also those who have > >>> received this license, and

Re: GnuTLS in Debian

2013-12-24 Thread Carlos Alberto Lopez Perez
On 23/12/13 02:16, Shawn Wilson wrote: > My gut reaction was that #5 or #6 are the best option (leaning to #6). > However I guess I don't understand what making something a system library > affects the license? > > Andreas Metzler wrote: >> >> #5 Declare GMP to be a system library. >> >> #6 Mov

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 08:40:54AM +0200, Faidon Liambotis wrote: > On 12/23/13 02:15, Steve Langasek wrote: > I think a better way to put Marco's argument would be: "[h]acker > legal education, with its roots in programming, is strong on formal > precision and textual exegesis. But it is notably l

Re: GnuTLS in Debian

2013-12-23 Thread Thomas Goirand
On 12/24/2013 12:04 AM, Marco d'Itri wrote: > This is self-inflicted damage, and I think it's slightly arrogant to > pretend that Debian is the only organization which cares about ethics. For once, I agree with you Marco. On 12/24/2013 01:22 AM, Clint Byrum wrote: > If it were to reverse positio

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 12:50:36PM -0800, Russ Allbery wrote: > Steve Langasek writes: > > I think you've managed to invert my point here, actually, which was that > > when someone licenses their work under *the GPL*, we should respect > > their wishes - even though it would make our lives a lot

Re: GnuTLS in Debian

2013-12-23 Thread Carlos Alberto Lopez Perez
On 22/12/13 21:59, Ben Hutchings wrote: >>> #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. >> > >> > This seems like the best idea, as it lets us use newer versions of >> > GnuTLS that support elliptic curves with the minimum amount of pain. > I think this would be a good idea if GnuTLS doesn't

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Byrum writes: > Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: >> Clint Byrum writes: >>> An author is not the only party to text. There are also those who have >>> received this license, and adhered to it for the sake of the author >>> and the copyright holders who hav

Re: GnuTLS in Debian

2013-12-23 Thread Clint Byrum
Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: > Clint Byrum writes: > > > An author is not the only party to text. There are also those who have > > received this license, and adhered to it for the sake of the author and > > the copyright holders who have also adhered to it.

Re: GnuTLS in Debian

2013-12-23 Thread Simon Josefsson
FWIW, I support moving forward with #6. /Simon You wrote: > My gut reaction was that #5 or #6 are the best option (leaning to > #6). However I guess I don't understand what making something a > system library affects the license? > > Andreas Metzler wrote: > >Hello, > > > >Debian is still rel

Re: GnuTLS in Debian

2013-12-23 Thread Clint Adams
On Mon, Dec 23, 2013 at 12:24:11PM -0800, Steve Langasek wrote: > Which crypto library has a non-awful API? Many of the native Haskell crypto libraries do. I am aware that that is a somewhat unhelpful answer. > I think you've managed to invert my point here, actually, which was that > when someo

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Adams writes: > If I recall correctly, similar things were said about freeing Moria and > Angband, then it turned out that it would have been trivial to contact > Robert Koeneke if anyone had actually bothered to try. That doesn't quite match my memory. People did try when the idea first

Re: GnuTLS in Debian

2013-12-23 Thread Dimitri John Ledkov
On 23 December 2013 20:04, Clint Adams wrote: > On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: >> There is no way to change the OpenSSL license. The project doesn't use >> copyright assignment and the number of contributors is far too large to be >> able to track them all down and

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Steve Langasek writes: > I think you've managed to invert my point here, actually, which was that > when someone licenses their work under *the GPL*, we should respect > their wishes - even though it would make our lives a lot easier to be > able to ship binaries linked against OpenSSL. Which me

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 08:04:32PM +, Clint Adams wrote: > On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: > > There is no way to change the OpenSSL license. The project doesn't use > > copyright assignment and the number of contributors is far too large to be > > able to track t

Re: GnuTLS in Debian

2013-12-23 Thread Clint Adams
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: > There is no way to change the OpenSSL license. The project doesn't use > copyright assignment and the number of contributors is far too large to be > able to track them all down and get their permission. I do not believe that either

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Stephan Seitz writes: > Yes, this is true, but I’m wondering how many lawyers you mean to ask? Is > one enough? After all this is a difficult question, and you will only > get the final answer from a judge in the end. The realistic probability of a lawsuit here is small (has anyone *ever* been su

Re: GnuTLS in Debian

2013-12-23 Thread Stephan Seitz
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: but I think we should ask a real lawyer and not rely on careful parsing Yes, this is true, but I’m wondering how many lawyers you mean to ask? Is one enough? After all this is a difficult question, and you will only get the final an

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Byrum writes: > An author is not the only party to text. There are also those who have > received this license, and adhered to it for the sake of the author and > the copyright holders who have also adhered to it. > So, it is rather disrespectful and could cause harm to those who have > wo

Re: GnuTLS in Debian

2013-12-23 Thread Clint Byrum
Excerpts from md's message of 2013-12-23 08:04:57 -0800: > On Dec 23, Steve Langasek wrote: > > > Red Hat only needs to meet the standard that they don't think there's risk > > to the company of being sued for a license violation. Debian holds itself > > to a higher, ethical standard of complyin

Re: GnuTLS in Debian

2013-12-23 Thread Marco d'Itri
On Dec 23, Steve Langasek wrote: > Red Hat only needs to meet the standard that they don't think there's risk > to the company of being sued for a license violation. Debian holds itself > to a higher, ethical standard of complying with the license even when the > risks are small. I am clearly mi

Re: GnuTLS in Debian

2013-12-23 Thread Bastien ROUCARIES
On Sun, Dec 22, 2013 at 9:59 PM, Ben Hutchings wrote: > On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote: >> On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: >> > How to continue from here/solve this: >> > - >> > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. >>

Re: GnuTLS in Debian

2013-12-22 Thread Andreas Metzler
On 2013-12-22 Andreas Metzler wrote: [...] > In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only > supported crypto backend. Nettle requires GMP. > GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be > licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2

Re: GnuTLS in Debian

2013-12-22 Thread Faidon Liambotis
On 12/23/13 02:15, Steve Langasek wrote: On Mon, Dec 23, 2013 at 12:25:40AM +0100, Marco d'Itri wrote: On Dec 22, Moritz Mühlenhoff wrote: We should do that (and also reevaluate the position wrt OpenSSL) by running it by the Software Freedom Law Center. Red Hat has real lawyers who looked

Re: GnuTLS in Debian

2013-12-22 Thread Shawn Wilson
My gut reaction was that #5 or #6 are the best option (leaning to #6). However I guess I don't understand how making something a system library affects the license? Andreas Metzler wrote: >Hello, > >Debian is still relying heavily on GnuTLS 2.12.x, and I do not think >this is sustainable for

Re: GnuTLS in Debian

2013-12-22 Thread Russ Allbery
Steve Langasek writes: > On Mon, Dec 23, 2013 at 12:25:40AM +0100, Marco d'Itri wrote: >> On Dec 22, Moritz Mühlenhoff wrote: >>> We should do that (and also reevaluate the position wrt OpenSSL) by >>> running it by the Software Freedom Law Center. >>> Red Hat has real lawyers who looked into t

Re: GnuTLS in Debian

2013-12-22 Thread Steve Langasek
On Mon, Dec 23, 2013 at 12:25:40AM +0100, Marco d'Itri wrote: > On Dec 22, Moritz Mühlenhoff wrote: > > We should do that (and also reevaluate the position wrt OpenSSL) by > > running it by the Software Freedom Law Center. > > Red Hat has real lawyers who looked into the issue, we should do the

Re: GnuTLS in Debian

2013-12-22 Thread Marco d'Itri
On Dec 22, Moritz Mühlenhoff wrote: > We should do that (and also reevaluate the position wrt OpenSSL) by > running it by the Software Freedom Law Center. > > Red Hat has real lawyers who looked into the issue, we should do the > same. Agreed, Debian has been promoting bad decisions due to deve

Re: GnuTLS in Debian

2013-12-22 Thread Bastien ROUCARIES
On 22 Dec. 2013 22:00, "Ben Hutchings" wrote: > > On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote: > > On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: > > > How to continue from here/solve this: > > > - > > > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. >
