Clint Byrum <spam...@debian.org> writes: > An author is not the only party to text. There are also those who have > received this license, and adhered to it for the sake of the author and > the copyright holders who have also adhered to it.
> So, it is rather disrespectful and could cause harm to those who have > worked within the confines of the text to at some point ignore the text. > I'm not suggesting it _will_ cause harm, but it may. In fact, RedHat has > harmed Debian and enriched themselves by ignoring it. This strikes me as equivalent to a long-distance runner who insists on running barefoot due to an idiosyncratic understanding of the rules of the race that isn't shared by anyone else, including the judges, and then gets upset at the other runners for winning while wearing shoes. (Analogy intentionally chosen because it is possible to compete and win in long-distance races barefoot, but most runners don't.) Red Hat is not responsible for our license interpretations. If the rest of the world doesn't care, standing by our interpretation looks less like ethics and more like masochism. > So Debian is now in an odd position. If it were to reverse position, > those users who have been diligently adhering to the license and > expending resources would be at a disadvantage to new users who won't > have to deal with that. Those users who have been diligently adhering to the license may well be doing things they don't have to do, and discovering that they don't have to do a bunch of work that they've been doing should be a cause for *relief*, not anger. Please, let's not get so invested in what we've done previously that we distort our thinking so far as to think that good news is actually bad news. > If the original authors would like to clarify their position (oh god > please OpenSSL change your license!), then this conflict of interest > would go away. But I suspect this has been argued to them before. There is no way to change the OpenSSL license. The project doesn't use copyright assignment and the number of contributors is far too large to be able to track them all down and get their permission. > Is it inconvenient? Absolutely. Should we change it? Well, last I > checked we do take votes on major issues. There are two angles to this question. One is whether we really do run a legal risk, which is something that should be answered by lawyers, and is not something on which we should vote. If it's not legally advisable to combine the code, that's the end of the matter as far as I'm concerned, but I think we should ask a real lawyer and not rely on careful parsing of the licenses in question. As Faidon pointed out, doing that often produces incorrect results in real-world legal systems. If a lawyer tells us we're being overly cautious, then the other angle is whether we want to continue to be unnecessarily cautious out of a sense of ethics, or just because we want to keep doing what we've always done and don't like change for some reason. If we get to that point, by all means, let's have a GR. I will be stunned if the project decides to insist on not using OpenSSL given legal advice that it's not a legal concern. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/8761qf75za....@windlord.stanford.edu