[Bug 2097320] [NEW] Links against incompatibly licensed OpenSSL

Mon, 03 Feb 2025 15:10:42 -0800 

Public bug reported:

Git is licensed under the GNU General Public License, version 2.
Included in Git is /usr/lib/git-core/git-remote-http, which is the
backend which uses libcurl to perform HTTP-based operations.
Unfortunately, as of plucky, that binary appears to be linked against
OpenSSL, probably because OpenLDAP, on which libcurl depends, is linked
against OpenSSL.

OpenSSL is under the Apache License 2.0, which is, despite everyone's
best intentions, not actually compatible with the GNU General Public
License version 2, and thus the Git binary is not actually
distributable.

Note that Ubuntu cannot take advantage of the system library exception,
the text of which is as follows:

  However, as a special exception, the source code distributed need not
  include anything that is normally distributed (in either source or
  binary form) with the major components (compiler, kernel, and so on)
  of the operating system on which the executable runs, unless that
  component itself accompanies the executable.

Since Ubuntu distributes OpenSSL on the same mirror network and
installation media as Git, OpenSSL accompanies the executable.

I have not verified if other binaries or parts of Git are affected, but
you may want to do so.  Assuming that my conjecture about OpenLDAP being
the cause of this is correct, you may want to revert the change to
OpenSSL there.

Of course, if you can provide a version of OpenSSL that is also under
the GNU General Public License version 2 or another license which is
compatible with it, then that would also be satisfactory.  In that case,
please reassign this package to the `openssl` source package to get the
copyright file updated accordingly.

Note that this doesn't yet appear in any released version of Ubuntu, but
should be fixed before the next release.

** Affects: git (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2097320

Title:
  Links against incompatibly licensed OpenSSL

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/2097320/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to