Re: openssl and GPL
On Sun, Apr 21, 2002 at 04:24:03PM -0500, Steve Langasek wrote: > There have always been problems linking GPL code with BSD code, so long > as the GPL has existed. Only code licensed under the new, > recently revised BSD license can be linked with GPL code. OpenSSL > doesn't use such a new-style BSD license. So I take it that the advertising clause is the only problem with the OpenSSL license? And can I also assume that the copyright holders have been contacted about this (probably billions of times), but don't want to change the license, for some reason? > > 2. Is http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. > > "the GPL does not place restrictions on using libraries that are part of > > the normal operating system distribution". > > The actual wording of the GPL in this regard is > > The source code for a work means the preferred form of the work for > making modifications to it. For an executable work, complete source > code means all the source code for all modules it contains, plus any > associated interface definition files, plus the scripts used to > control compilation and installation of the executable. However, as a > special exception, the source code distributed need not include > anything that is normally distributed (in either source or binary > form) with the major components (compiler, kernel, and so on) of the > operating system on which the executable runs, unless that component > itself accompanies the executable. > > The current interpretation of this accepted by Debian, which I've been > unable to find fault with, is that if your operating system comes with > OpenSSL, it's ok to link *third-party* GPLed works against it; but if > you distribute a GPLed work together with the libraries it depends on, > even as part of an OS distribution (such as Debian), then those > libraries must all be licensed in a manner that's compatible with the > GPL. It is very vague. I wonder what the intention was. However, I am a bit puzzled; does that mean: - It is OK to distribute these programs if they are seperate from Debian? - It is OK to distribute a close source package that uses GPL packages from Debian? > The goals of the GPL are to ensure the greatest net level of software > freedom, by trading certain user freedoms (unlimited use of the source > code) for others (guaranteed availability of the source code of derived My feeling is that these limitations aren't on the source code, but the binary code. If it was only the source code, then the binary code wouldn't matter. So you can link X (GPL) against Y (BSD), but if the binary of Y is changed (maybe without prior notice) to link against, say openssl, then suddenly the original linkage breaks the GPL. Even though the original program (X) has not changed, and has not even been recompiled. Come to think of it, can the GPL really say "It is Ok to distribute package X, but not if the version of Y supplied is linked into openssl"? What if several compiled versions of Y have been made available, and only one of these uses openssl? (lets assume that these different versions can be used without recompiling, and that somehow the Depends field allows this). > works). As such, I don't think it's ever in conflict with the goals of > the GPL to prevent linking with code that doesn't provide users with the > same set of freedoms that the GPL itself does (or a superset thereof). > You may argue that you place greater value on the freedoms that > BSD-style licenses give you, but by virtue of the advertising clause, > the OpenSSL license nevertheless lacks one freedom that the GPL insists > on; and as such, it's incompatible. > > Given the long history of the GPL as a license, and the fact that it has > undergone revisions in the past, I think it's awkward to argue that it > doesn't really say what its authors meant for it to say. Rather, I see > the GPL as a principal source of insight into the goals of its authors. > :) I think that the GPL is vague and prone to misintepretation. For good example, see above issue ;-). The way I see Debians intepretation of the GPL is that it is based on the perspective of the end-user. So under this interpretation, a user should be able to install only GPL applications without their freedom being restricted by more restrictive licenses. However, if this was the case, shouldn't it still be OK simply to provide two packages, one without the offending library, so the user has the choice? What would happen if a "Priority: required" package required OpenSSL? Wouldn't this defeat the point of the restrictions set by the GPL? Since any users would have to install openssl anyway? Anyway, thanks for your response. -- Brian May <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: openssl and GPL
On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote: > Hello, > I am still a bit confused as to the problems with > linking GPL code with OPENSSL. I don't intend to start > any flame wars... > Please send CCs to me. Thanks. > If there is somewhere I can find this information, URLs > would be appreciated. > 1. What is the problem? I have read the GPL, and cannot recall the > problem. According to the top of /usr/doc/openssl/copyright, > openssl has a dual BSD style license. I haven't heard of problems > linking GPL code with BSD code before. So why is this different? There have always been problems linking GPL code with BSD code, so long as the GPL has existed. Only code licensed under the new, recently revised BSD license can be linked with GPL code. OpenSSL doesn't use such a new-style BSD license. > 2. Is http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. > "the GPL does not place restrictions on using libraries that are part of > the normal operating system distribution". The actual wording of the GPL in this regard is The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. The current interpretation of this accepted by Debian, which I've been unable to find fault with, is that if your operating system comes with OpenSSL, it's ok to link *third-party* GPLed works against it; but if you distribute a GPLed work together with the libraries it depends on, even as part of an OS distribution (such as Debian), then those libraries must all be licensed in a manner that's compatible with the GPL. > I normally like the GPL, but I find it a bit irratating that I can't > take some GPL program, and link it against Heimdal (which happens to > be linked against OpenSSL), without express permission from all the > copyright holders of the GPL software. In fact, I would argue that this > goes against the goals of the GPL. The goals of the GPL are to ensure the greatest net level of software freedom, by trading certain user freedoms (unlimited use of the source code) for others (guaranteed availability of the source code of derived works). As such, I don't think it's ever in conflict with the goals of the GPL to prevent linking with code that doesn't provide users with the same set of freedoms that the GPL itself does (or a superset thereof). You may argue that you place greater value on the freedoms that BSD-style licenses give you, but by virtue of the advertising clause, the OpenSSL license nevertheless lacks one freedom that the GPL insists on; and as such, it's incompatible. Given the long history of the GPL as a license, and the fact that it has undergone revisions in the past, I think it's awkward to argue that it doesn't really say what its authors meant for it to say. Rather, I see the GPL as a principal source of insight into the goals of its authors. :) Steve Langasek postmodern programmer pgpYKd8NoeGag.pgp Description: PGP signature
Re: Crypto++ licencing
On Fri, Apr 19, 2002 at 06:34:30PM -0700, Stephen Zander wrote: > > "Walter" == Walter Landry <[EMAIL PROTECTED]> writes: > Walter> DSS and IDEA are both patented in Europe, so putting it in > Walter> non-us won't help. There is also the minor problem that > Walter> non-us is going the away. > I personally don't believe non-US is going away until the entire world > suports software patents. Crypto is not the only reason for it's > existence, just the most obvious one. > Walter> It is crypto, so you should talk to the release manager > Walter> about how to handle it. I only know what he wants done > Walter> for software currently in non-us. > For the rest, I'll remove IDEA, DSS & LUC from the upstream tarball, > put that in non-us/main for now, package the IDEA code separately and > put it in non-us/non-free Additionally, there is no plan yet to migrate the contents of non-US/non-free, most of which are not covered under the export exemption that we're using for non-US/main. The crypto-in-main migration is happening because it benefits our users and resellers to have as much of the distribution as possible available from a single source (the main archive), not because people want non-US to disappear altogether. Steve Langasek postmodern programmer pgpU7S1loP4kt.pgp Description: PGP signature
Re: openssl and GPL
On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote: > I normally like the GPL, but I find it a bit irratating that I can't > take some GPL program, and link it against Heimdal (which happens to > be linked against OpenSSL), without express permission from all the > copyright holders of the GPL software. In fact, I would argue that this > goes against the goals of the GPL. I'd tend to blame OpenSSL for this inconvenience, not the GPL. -- Glenn Maynard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: openssl and GPL
On Sun, 2002-04-21 at 02:15, Brian May wrote: > I normally like the GPL, but I find it a bit irratating that I can't > take some GPL program, and link it against Heimdal (which happens to > be linked against OpenSSL), without express permission from all the > copyright holders of the GPL software. In fact, I would argue that this > goes against the goals of the GPL. The GPL was designed to prevent redistributors from adding additional restrictions. An advertising clause is another restriction. You might want to get upstream to look into using GNUTLS. http://www.gnu.org/software/gnutls/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Crypto++ licencing
On Sun, Apr 21, 2002 at 01:57:21PM +0200, Arnoud Galactus Engelfriet wrote: > Jeroen Dekkers wrote: > > On Sun, Apr 21, 2002 at 11:52:58AM +0200, Arnoud Galactus Engelfriet wrote: > > > Stephen Zander wrote: > > > > I don't believe the US will ever stop supporting softare patents; > > > > there's too much money at stake. > > > > > > By the same reasoning, the EC member states should also all > > > support software patents. The European industry also has a > > > lot of money at stake in software-related R&D (all the > > > software in DVD players and mobile phones, for example). > > > > Software patents is the biggest threat for free software and we should > > *never* support them. > > Keep in mind that I was responding to Stephen's comment that > the US wouldn't get rid of software patents because of their > economic importance. The exact same argument can be made > for the European countries. I'm not saying the argument is > right. I have the idea that Europe is less braindamaged then the USA. I hope I don't get proved wrong... > Nevertheless, I'm not sure this is the right place to debate > patent policy. I don't think Debian should worry too much, > unless they receive notification from a patent holder > identifying a patent and a program that infringes. The problem is that it's already too late when we receive a notification. I agree that it isn't the right list, if you want to discuss software patents in Europe, I think the discussion mailinglist of the FSFE is a good place. But the outcome of the discussions about software patents there is already that they are all bad etc. ;-) Jeroen Dekkers -- Jabber supporter - http://www.jabber.org Jabber ID: [EMAIL PROTECTED] Debian GNU supporter - http://www.debian.org http://www.gnu.org IRC: [EMAIL PROTECTED] pgpTuzkfcvxt3.pgp Description: PGP signature
Re: Crypto++ licencing
Jeroen Dekkers wrote: > On Sun, Apr 21, 2002 at 11:52:58AM +0200, Arnoud Galactus Engelfriet wrote: > > Stephen Zander wrote: > > > I don't believe the US will ever stop supporting softare patents; > > > there's too much money at stake. > > > > By the same reasoning, the EC member states should also all > > support software patents. The European industry also has a > > lot of money at stake in software-related R&D (all the > > software in DVD players and mobile phones, for example). > > Software patents is the biggest threat for free software and we should > *never* support them. Keep in mind that I was responding to Stephen's comment that the US wouldn't get rid of software patents because of their economic importance. The exact same argument can be made for the European countries. I'm not saying the argument is right. Nevertheless, I'm not sure this is the right place to debate patent policy. I don't think Debian should worry too much, unless they receive notification from a patent holder identifying a patent and a program that infringes. Arnoud -- Arnoud Engelfriet, (almost) Dutch patent attorney - Speaking only for myself Patents, copyright and IPR explained for techies: http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Crypto++ licencing
On Sun, Apr 21, 2002 at 11:52:58AM +0200, Arnoud Galactus Engelfriet wrote: > Stephen Zander wrote: > > I don't believe the US will ever stop supporting softare patents; > > there's too much money at stake. > > By the same reasoning, the EC member states should also all > support software patents. The European industry also has a > lot of money at stake in software-related R&D (all the > software in DVD players and mobile phones, for example). Software patents is the biggest threat for free software and we should *never* support them. Jeroen Dekkers -- Jabber supporter - http://www.jabber.org Jabber ID: [EMAIL PROTECTED] Debian GNU supporter - http://www.debian.org http://www.gnu.org IRC: [EMAIL PROTECTED] pgpreQc2kI9aj.pgp Description: PGP signature
Re: openssl and GPL
David Starner wrote: > On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote: > > 2. Is http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. > > "the GPL does not place restrictions on using libraries that are part of > > the normal operating system distribution". > > Yes, it does state that. The restrictions on it, however, are somewhat > confusing, and leads many of us to believe that Debian can't distribute > GPL'ed code linked with it in main. For one thing, putting it on the > same CD as libssl wouldn't be possible, as then "that component itself > [libssl, in this case] accompanies the executable." Would all this be solved if we declared libssl an essential part of the operating system? The OpenSSL FAQ claims it would. On a woody system, apt-cache showpkg libssl0.9.6 lists about 170 packages that depend on it, some of them libraries, so it is in any case a package that is used a lot. And since it has moved to main, even more packages may want to use it. Ivo -- Böser, böser Pinguin! - Nichtlustig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Crypto++ licencing
Stephen Zander wrote: > No, I meant what I said. While at least one country in the world > refuses to recognise software patents, there will be a safe place for > that which we currently call "non-US" to exist (the fact that it's > currently called "non-US" rather than "non-encumbered" or something > else is irrelevant to me). If every nation in the world supports > software patents, then Debian will no longer be able to package > potentially patent infringing code because it will be illegal to do > so everywhere (yes, that last staement is a tautology). The Netherlands already recognizes software patents, but Debian would be free to package and distribute infringing code from a Dutch server. Only *commercial* distribution is forbidden by the patent laws of most countries. Debian is a non-profit organization and so immune to Dutch patent law. > I don't believe the US will ever stop supporting softare patents; > there's too much money at stake. By the same reasoning, the EC member states should also all support software patents. The European industry also has a lot of money at stake in software-related R&D (all the software in DVD players and mobile phones, for example). Regards, Arnoud -- Arnoud Engelfriet, (almost) Dutch patent attorney - Speaking only for myself Patents, copyright and IPR explained for techies: http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#143281: RFP: scummvm -- free implementation of LucasArts S.C.U.M.M.
Hi
On Friday, 19. April 2002 11:53, Tille, Andreas wrote:
> On Wed, 17 Apr 2002, Andrew Suffield wrote:
> > On Wed, Apr 17, 2002 at 01:45:19PM +0200, Andreas Tille
wrote:
> > Unfortunately it may not be quite so free. I haven't checked
> > it in detail, but I'm told the only decent sound support is
> > of dubious license status.
It seems that in the directory sound, there are some files
(fmopl.cpp, mixer.cpp and some of the .h files) which do not
carry a GPL statement. So, maybe you should ask the upstrem
author(s) to clarify this.
> Could anybody please sort out whether it is possible to split
> it into
>
> main/scummvm
Are there any DFSG free SCUMM adventures around? To me, this
looks similar to the situation of lxdoom, which is in contrib.
> non-free/scummvom-sound
This seems not a good idea. If the parts in question are really
non-free, they must not be linked with GPLed code. So if they
are scummvm-specific, they cannot go into non-free, either.
cu,
Thomas
}:o{#
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Crypto++ licencing
Stephen Zander <[EMAIL PROTECTED]> wrote: > For the rest, I'll remove IDEA, DSS & LUC from the upstream tarball, > put that in non-us/main for now, package the IDEA code separately and > put it in non-us/non-free Well, like I said, I don't think that you really need to remove LUC. A vague claim that someone has a patent applies to just about every piece of software. Unless they start enforcing the patent, I wouldn't worry about it. If you start worrying too much about patents, you won't be able to do anything. Regards, Walter Landry [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: openssl and GPL
On Sun, Apr 21, 2002 at 04:15:09PM +1000, Brian May wrote: > 1. What is the problem? I have read the GPL, and cannot recall the > problem. According to the top of /usr/doc/openssl/copyright, > openssl has a dual BSD style license. I haven't heard of problems > linking GPL code with BSD code before. So why is this different? They both have advertising clauses, which means it can't be linked with GPL code. > 2. Is http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. > "the GPL does not place restrictions on using libraries that are part of > the normal operating system distribution". Yes, it does state that. The restrictions on it, however, are somewhat confusing, and leads many of us to believe that Debian can't distribute GPL'ed code linked with it in main. For one thing, putting it on the same CD as libssl wouldn't be possible, as then "that component itself [libssl, in this case] accompanies the executable." -- David Starner - [EMAIL PROTECTED] "It's not a habit; it's cool; I feel alive. If you don't have it you're on the other side." - K's Choice (probably referring to the Internet) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
openssl and GPL
Hello, I am still a bit confused as to the problems with linking GPL code with OPENSSL. I don't intend to start any flame wars... Please send CCs to me. Thanks. If there is somewhere I can find this information, URLs would be appreciated. 1. What is the problem? I have read the GPL, and cannot recall the problem. According to the top of /usr/doc/openssl/copyright, openssl has a dual BSD style license. I haven't heard of problems linking GPL code with BSD code before. So why is this different? 2. Is http://www.openssl.org/support/faq.html#LEGAL> wrong? ie. "the GPL does not place restrictions on using libraries that are part of the normal operating system distribution". I normally like the GPL, but I find it a bit irratating that I can't take some GPL program, and link it against Heimdal (which happens to be linked against OpenSSL), without express permission from all the copyright holders of the GPL software. In fact, I would argue that this goes against the goals of the GPL. -- Brian May <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
