On 06/27/2012 01:54 PM, Guy Hulbert wrote: > Define "derivative". Until it's compiled, it's not.
Right. Unfortunately for debian, and any other binary distributor of CPAN modules, we distribute it compiled. > Tha *compiler*. So it might be a problem for Debian except that Debian > is NOT using the string "OpenSSL". It is using the lower-case version. > So there's no violation ... though IANAL. Wow, there's a way to thread the needle that hadn't occurred to me. Was this what you were trying to point out before? I have my doubts about the legitimacy of the case of the package name as a differentiator, frankly, but i suppose that's one approach to take. Should we also change the case of the man pages and the paths to the .pm files? > IMO, if Debian is to do anything, it should first contact the "OpenSSL > Project" to see if there's a problem. Harassing CPAN authors seems > premature to me. I'm not sure how the debian project can ask the OpenSSL project for written permission to use the string in these projects, since: (a) debian can't accept a debian-specific license exception (see the DFSG for details), and (b) debian isn't the CPAN upstream author. A successful request by CPAN module authors to the OpenSSL project to get approval for the use of the name would resolve the issue for *all* binary distributors of CPAN modules, afaict. I'm not sure what we would gain from a request from debian. If OpenSSL says "sure, you can do that in debian", then we leave our derivatives and distributors (and other users) exposed to an ambiguous license that could be used against them, which is contrary to the DSC. It seems like the CPAN module authors are going to have to be involved ("harrassed") somehow, unless "openssl" is considered sufficiently different from "OpenSSL" to invalidate stanza 5 of the OpenSSL license. --dkg
signature.asc
Description: OpenPGP digital signature