Re: System libraries and the GPLv2

2017-03-31 Thread Francesco Poli
On Fri, 31 Mar 2017 07:23:25 -0400 Richard Fontana wrote: > On Thu, Mar 30, 2017 at 11:37:32PM +0200, Francesco Poli wrote: > > On Wed, 29 Mar 2017 23:28:46 -0400 Richard Fontana wrote: > > > > > On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez > > > wrote: > > > > > > > Do

Re: System libraries and the GPLv2

2017-03-31 Thread Richard Fontana
On Thu, Mar 30, 2017 at 11:37:32PM +0200, Francesco Poli wrote: > On Wed, 29 Mar 2017 23:28:46 -0400 Richard Fontana wrote: > > > On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez wrote: > > > > > Do you (or anyone else) _really_ think the copyright holders of the GPL > > > pro

Re: System libraries and the GPLv2

2017-03-31 Thread Richard Fontana
On Thu, Mar 30, 2017 at 10:27:46AM +0200, Florian Weimer wrote: > On the other hand, when a larger upstream project > granted us a linking exception for OpenSSL, they probably did not > obtain consent from all the copyright holders, either. Right. For example, I remember one case where a Debian de

Re: System libraries and the GPLv2

2017-03-31 Thread Florian Weimer
* Philip Hands: > P.P.S. Does anyone really expect a consensus to emerge where we decide > to ignore the exception to the exception across the board without > consulting lawyers? I think there are several people in this thread > (myself included) that have demonstrated that they're going to argue

Re: System libraries and the GPLv2

2017-03-31 Thread Jonas Smedegaard
Quoting Francesco Poli (2017-03-30 23:37:32) > On Wed, 29 Mar 2017 23:28:46 -0400 Richard Fontana wrote: > > > On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez wrote: > > > > > Do you (or anyone else) _really_ think the copyright holders of > > > the GPL program in question h

Re: System libraries and the GPLv2

2017-03-30 Thread Philip Hands
Carlos Alberto Lopez Perez writes: > On 30/03/17 21:29, Don Armstrong wrote: >> On Thu, 30 Mar 2017, Carlos Alberto Lopez Perez wrote: >>> * License Must Not Contaminate _Other_ Software >> >> A work which is a derivative work of another piece of software isn't >> merely distributed alongside. >

Re: System libraries and the GPLv2

2017-03-30 Thread Francesco Poli
On Wed, 29 Mar 2017 23:28:46 -0400 Richard Fontana wrote: > On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez wrote: > > > Do you (or anyone else) _really_ think the copyright holders of the GPL > > program in question had any intention ever of not allowing their program > > to

Re: System libraries and the GPLv2

2017-03-30 Thread Don Armstrong
On Thu, 30 Mar 2017, Carlos Alberto Lopez Perez wrote: > On 30/03/17 21:29, Don Armstrong wrote: > > Precisely. It only has bearing on whether the system library > > exception to derivative works applies. > > It should apply. Why should it apply? GPLv2 is written to make the system library except

Re: System libraries and the GPLv2

2017-03-30 Thread Carlos Alberto Lopez Perez
On 30/03/17 08:05, Andrey Rahmatullin wrote: > On Wed, Mar 29, 2017 at 11:10:01PM +0200, Carlos Alberto Lopez Perez wrote: >> Apache 2.0 is compatible with GPLv3 [1] (therefore also with GPLv2+). > It's more complicated than "therefore also". > Imagine a GPL2+ program library linked with a GPL2 lib

Re: System libraries and the GPLv2

2017-03-30 Thread Carlos Alberto Lopez Perez
On 30/03/17 21:29, Don Armstrong wrote: > On Thu, 30 Mar 2017, Carlos Alberto Lopez Perez wrote: >> * License Must Not Contaminate _Other_ Software > > A work which is a derivative work of another piece of software isn't > merely distributed alongside. > >> Shipping a collection of software on a

Re: System libraries and the GPLv2

2017-03-30 Thread Carlos Alberto Lopez Perez
On 30/03/17 21:09, Russ Allbery wrote: > Lars Wirzenius writes: > >> Instead, I'll repeat that licenses shouldn't be violated. One way of >> achieving that is to ask copyright holders for additional permissions >> that are needed to avoid a violation. > > The problem with this approach, though,

Re: System libraries and the GPLv2

2017-03-30 Thread Don Armstrong
On Thu, 30 Mar 2017, Carlos Alberto Lopez Perez wrote: > * License Must Not Contaminate _Other_ Software A work which is a derivative work of another piece of software isn't merely distributed alongside. > Shipping a collection of software on a DVD doesn't make any of these > pieces of software a

Re: System libraries and the GPLv2

2017-03-30 Thread Carlos Alberto Lopez Perez
On 30/03/17 14:31, Ian Jackson wrote: > Carlos Alberto Lopez Perez writes ("Re: System libraries and the GPLv2"): >> However, I still don't understand why we don't just declare OpenSSL a >> system library; or at least define a clear policy for when a packag

Re: System libraries and the GPLv2

2017-03-30 Thread Don Armstrong
On Thu, 30 Mar 2017, Holger Levsen wrote: > It's also a major fuckup for some GPLv2-only users (as you just > described), which as a result made *me* like+trust the FSF and the GPL > less. The FSF has always suggested that everyone license their works with the current revision of the GPL at the ti

Re: System libraries and the GPLv2

2017-03-30 Thread Jonas Smedegaard
Quoting Carlos Alberto Lopez Perez (2017-03-30 19:12:53) > On 30/03/17 10:44, Jonas Smedegaard wrote: > > Quoting Carlos Alberto Lopez Perez (2017-03-30 05:08:24) > >> On 30/03/17 03:11, Clint Byrum wrote: > >>> Excerpts from Carlos Alberto Lopez Perez's message of 2017-03-30 02:49:04 > >>> +0200:

Re: System libraries and the GPLv2

2017-03-30 Thread Carlos Alberto Lopez Perez
On 30/03/17 10:44, Jonas Smedegaard wrote: > Quoting Carlos Alberto Lopez Perez (2017-03-30 05:08:24) >> On 30/03/17 03:11, Clint Byrum wrote: >>> Excerpts from Carlos Alberto Lopez Perez's message of 2017-03-30 02:49:04 >>> +0200: I understand that Debian wants to take a position of zero (or

Re: System libraries and the GPLv2

2017-03-30 Thread Holger Levsen
On Thu, Mar 30, 2017 at 10:27:46AM +0200, Florian Weimer wrote: > What really annoys me about this whole situation is this: I think no > one presently argues that the GPLv2 prevents people from distributing > pre-built binaries for proprietary operating systems. I can take > Hotspot (a component o

Re: System libraries and the GPLv2

2017-03-30 Thread Ian Jackson
Carlos Alberto Lopez Perez writes ("Re: System libraries and the GPLv2"): > However, I still don't understand why we don't just declare OpenSSL a > system library; or at least define a clear policy for when a package is > considered part of the base system (so the GPL

Re: System libraries and the GPLv2

2017-03-30 Thread Jonas Smedegaard
Quoting Carlos Alberto Lopez Perez (2017-03-30 05:08:24) > On 30/03/17 03:11, Clint Byrum wrote: > > Excerpts from Carlos Alberto Lopez Perez's message of 2017-03-30 02:49:04 > > +0200: > >> I understand that Debian wants to take a position of zero (or > >> minimal) risk, and I also understand th

Re: System libraries and the GPLv2

2017-03-30 Thread Florian Weimer
* Richard Fontana: > On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez wrote: > >> Do you (or anyone else) _really_ think the copyright holders of the GPL >> program in question had any intention ever of not allowing their program >> to be used along with OpenSSL, when they wher

Re: System libraries and the GPLv2

2017-03-30 Thread Florian Weimer
* Adam Borowski: > The approach of commercial companies to both code and law is "it compiles? > Ship it!". They have sizeable legal departments, so the question they ask > themselves is not "is this legal?" but "are costs of possible litigation > smaller or greater than the cost of doing it corr

Re: System libraries and the GPLv2

2017-03-29 Thread Richard Fontana
On Thu, Mar 30, 2017 at 05:08:24AM +0200, Carlos Alberto Lopez Perez wrote: > Do you (or anyone else) _really_ think the copyright holders of the GPL > program in question had any intention ever of not allowing their program > to be used along with OpenSSL, when they were the ones implementing >

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 30/03/17 03:11, Clint Byrum wrote: > Excerpts from Carlos Alberto Lopez Perez's message of 2017-03-30 02:49:04 > +0200: >> On 30/03/17 00:24, Philipp Kern wrote: >>> On 03/29/2017 11:10 PM, Carlos Alberto Lopez Perez wrote: So, the best case situation (IMHO) would be that a lawyer tell us

Re: System libraries and the GPLv2

2017-03-29 Thread Richard Fontana
On Thu, Mar 30, 2017 at 02:49:04AM +0200, Carlos Alberto Lopez Perez wrote: > However, I still don't understand why we don't just declare OpenSSL a > system library; or at least define a clear policy for when a package is > considered part of the base system (so the GPL system exception applies > t

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 30/03/17 00:24, Philipp Kern wrote: > On 03/29/2017 11:10 PM, Carlos Alberto Lopez Perez wrote: >> So, the best case situation (IMHO) would be that a lawyer tell us that >> Apache 2.0 is also compatible with GPLv2-only, and that we stop playing >> the game of being amateur lawyers instead of sof

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 30/03/17 00:26, Josh Triplett wrote: > Carlos Alberto Lopez Perez wrote: >> On 26/03/17 01:01, Walter Landry wrote: >>> Florian Weimer wrote: > #5 Declare GMP to be a system library. > (snip) > #5 was how Fedora looked at the OpenSSL library issue. Since Debian > has a

Re: System libraries and the GPLv2

2017-03-29 Thread Philipp Kern
On 03/29/2017 11:10 PM, Carlos Alberto Lopez Perez wrote: > So, the best case situation (IMHO) would be that a lawyer tell us that > Apache 2.0 is also compatible with GPLv2-only, and that we stop playing > the game of being amateur lawyers instead of software developers. But that's not how the la

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 22:25, Brian May wrote: > Carlos Alberto Lopez Perez writes: > >> But in the worst case, it will be compatible with GPLv2+ and GPLv3. > > I am not sure I see this as the worst case situation. Or maybe you meant > to write "incompatible"? > No. Apache 2.0 is compatible with GPLv3 [

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 22:28, Andrey Rahmatullin wrote: > On Wed, Mar 29, 2017 at 09:58:07PM +0200, Carlos Alberto Lopez Perez wrote: >> So... does this mean that we are actually *now* shipping OpenSSL with >> GPL software on the same DVD? > This is permitted, or are you joking? > > > Yes It was a sarca

Re: System libraries and the GPLv2

2017-03-29 Thread Brian May
Carlos Alberto Lopez Perez writes: > But in the worst case, it will be compatible with GPLv2+ and GPLv3. I am not sure I see this as the worst case situation. Or maybe you meant to write "incompatible"? -- Brian May

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 19:37, Francesco Poli wrote: > On Wed, 29 Mar 2017 14:49:48 +0200 Carlos Alberto Lopez Perez wrote: > > [...] >> I think that any package that is essential for the base OS >> (aka Priority: required) should qualify for the system exception. > > Well, for the record, package libssl1.0.

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 29/03/17 15:58, Dmitry Alexandrov wrote: >> On 26/03/17 01:01, Walter Landry wrote: >>> Florian Weimer wrote: > #5 Declare GMP to be a system library. > (snip) > #5 was how Fedora looked at the OpenSSL library issue. Since Debian > has another viewpoint on OpenSSL I so

Re: System libraries and the GPLv2

2017-03-29 Thread Francesco Poli
On Wed, 29 Mar 2017 14:49:48 +0200 Carlos Alberto Lopez Perez wrote: [...] > I think that any package that is essential for the base OS > (aka Priority: required) should qualify for the system exception. Well, for the record, package libssl1.0.2 is Priority: important, hence, even with this crite

Re: System libraries and the GPLv2

2017-03-29 Thread Dmitry Alexandrov
> On 26/03/17 01:01, Walter Landry wrote: >> Florian Weimer wrote: #5 Declare GMP to be a system library. >>> (snip) >>> #5 was how Fedora looked at the OpenSSL library issue. Since Debian has another viewpoint on OpenSSL I somehow doubt we would use it for GMP. >>> >>> I

Re: System libraries and the GPLv2

2017-03-29 Thread Carlos Alberto Lopez Perez
On 26/03/17 01:01, Walter Landry wrote: > Florian Weimer wrote: >>> #5 Declare GMP to be a system library. >>> >> (snip) >> >>> #5 was how Fedora looked at the OpenSSL library issue. Since Debian >>> has another viewpoint on OpenSSL I somehow doubt we would use it for >>> GMP. >> >> I would like t

Re: System libraries and the GPLv2

2017-03-25 Thread Walter Landry
Florian Weimer wrote: >> #5 Declare GMP to be a system library. >> > (snip) > >> #5 was how Fedora looked at the OpenSSL library issue. Since Debian >> has another viewpoint on OpenSSL I somehow doubt we would use it for >> GMP. > > I would like to suggest to treat more libraries as eligible for

System libraries and the GPLv2 (was: Re: GnuTLS in Debian)

2017-03-25 Thread Florian Weimer
* Andreas Metzler: > Problems: > - > GnuTLS 2.12.x is dated. It is upstream's old-old-old stable release > (followed by 3.[012].x). The latest bugfix release happened in > February 2012, later security fixes have not been solved by releases but > by patches in GIT. GnuTLS 2.12.x does not w