> On 20 Apr 2023, at 14:07, Victor Seva <[email protected]> > wrote: > > Signed PGP part > > On 20/4/23 13:20, Olle E. Johansson wrote: >>> On 20 Apr 2023, at 12:57, Victor Seva <[email protected]> >>> wrote: >>> On 18/4/23 11:02, Olle E. Johansson wrote: >>>> Sorry, life got in the way, but I’m coming back to this discussion… >>>> I think we should >>>> * List all licenses per file in the sources package (as is done now) >>>> * Only use GPL v2 in the compiled (binary) packages >>>> >>>> The copyright is the same in both, but the license is in fact different. >>> >>> Uh, what do you mean? How the license of compiled package is different from >>> the ones in the source? >>> >>>> In general, no part of a compiled Kamailio can be distributed under BSD. >>>> There may be one of the internal libraries that could be unaffected by the >>>> GPL, >>>> but anyway, when the customer links in in memory to Kamailio it’s still >>>> GPL. >>> >>> Now I'm really confused :-( >> The wonders of GPL. It’s sticky. Even if you have other licenses (provided >> they are compatible) in the source code then the product itself is all GPL. >> So if I create a product and license it under GPLv2, and one of the source >> files is BSD, the compiled binary will be only GPLv2. >> No part of the compiled product is BSD any more. GPL kind of sticks to it >> all. >> BUT if you only look at the source code, and not the binary. I can create a >> product, license it under BSD and take one of the source >> files from kamailio and include it. >> * If that file is licensed under BSD, my product can be BSD when compiled >> and used. >> * If that file is licensed under GPLv2, my product will be GPLv2 when used. >> Regardless of the license of my source code. >> So the source package can have a list of licenses, but in my view the binary >> package can not. >> The stickyness include loading of .so modules - dynamic linking. >> This is why we can’t use GPLv2 licensed code when creating commercial >> products. Other licenses work fine. LGPL is another story. >> I’m not a lawyer, but have spent many years in these kind of discussions. >> Happy if wrong. :-) > > Ah, OK. Yes, indeed but there's no explicit license on the binary deb, AFAIK.
If you go back in this thread, you’ll see that my SBOM tools found a long list of licenses in the debian package, which is why I started this discussion… They are using Debian packaging to find out about the licenses and thus provide bad information. /O
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to [email protected]
