Re: GPL, OpenSSL and Non-Free
hmmm, wasn't non-us on different servers? If so, would that work? (does it still even exist?)
Re: GPL, OpenSSL and Non-Free
Don Armstrong wrote: However, I've maintained that even if that is the case, we still can't activate this clause because OpenSSL is not normally distributed (in either source or binary form) with the major components. That seems to be the easier half. The major components of Debian are typically distributed via either HTTP/FTP or CD. On the full CD set, you will naturally find OpenSSL. Thus, here it is distributed w/ the major components. This is the one official CD set. [On the smaller businesscard CD, I think you do to (not sure --- would have to check)] On the HTTP/FTP servers, you will also find openssl. If we assume that things that accompany (as in GPL 3(b)) are distributed with, then just like the source code found on those servers, openssl is distributed along with the major components. Of course, the problem is that non-free is on the same FTP server.
Re: GPL, OpenSSL and Non-Free
On Fri, Dec 31, 2004 at 04:03:25PM -0500, Anthony DeRobertis wrote: hmmm, wasn't non-us on different servers? If so, would that work? (does it still even exist?) That was the (admittedly rather specious) argument under which we justified ignoring this problem before. With the demolition of non-us, it no longer applies. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | signature.asc Description: Digital signature
Re: GPL, OpenSSL and Non-Free
On Thu, 30 Dec 2004, Lewis Jardine wrote: /unless that component itself accompanies the executable/. (my emphasis) As I understand it, in a Debian distribution, anything that could qualify for the exception 'accompanies the executable' by virtue of being on the same CD/web server/etc. Is this a correct interpretation? Typically. Yet, in this particular case, we were talking (hypothetically) about moving FreeRadius into non-free, and whether or not that would enable us to distribute it at all by activating this clause. Since non-free is not part of Debian, and doesn't get distributed on the same CD, an argument could be made that it doesn't accompany OpenSSL. [I don't know if I agree with this argument, but I'll admit that a sufficiently high powered lawyer could get this argument to convince a court of law.] However, I've maintained that even if that is the case, we still can't activate this clause because OpenSSL is not normally distributed (in either source or binary form) with the major components. It is especially telling that openssl is Priority: optional, not even Priority: standard or higher as are pretty much all of the major components (kernel[1], compiler, etc.)] Don Armstrong 1: Well, most kernels are optional too, but you'll be hard pressed to have a system without one somewhere... -- When I was a kid I used to pray every night for a new bicycle. Then I realised that the Lord doesn't work that way so I stole one and asked Him to forgive me. -- Emo Philips. http://www.donarmstrong.com http://rzlab.ucr.edu signature.asc Description: Digital signature
Re: GPL, OpenSSL and Non-Free
* Paul Hampson: As I understand it, the issue is that anything in the Debian archive is considered to be distributed with Debian, and so the GPL's exception for libraries that come with the OS doesn't apply since the application also comes with the OS. (In GPL's terms, the OS comes with the application) However, non-free is not part of Debian (as per the social contract) so it would be OK to put GPL'd programs that depend on OpenSSL into non-free? I suppose, that in the GPL sense, non-free *is* part of Debian.
Re: GPL, OpenSSL and Non-Free
On Thu, Dec 30, 2004 at 02:21:24AM +1100, Paul Hampson wrote: However, non-free is not part of Debian (as per the social contract) so it would be OK to put GPL'd programs that depend on OpenSSL into non-free? The GPL special exception doesn't care about part of vs. not part of. What matters there is accompanies. And, a number of web sites are configured with non-free accompanying main. If we could guarantee that none of our mirrors accompanied main with non-free, then it should be ok to put that kind of software in non-free. -- Raul
Re: GPL, OpenSSL and Non-Free
On Thu, 30 Dec 2004, Paul Hampson wrote: As I understand it, the issue is that anything in the Debian archive is considered to be distributed with Debian, and so the GPL's exception for libraries that come with the OS doesn't apply since the application also comes with the OS. (In GPL's terms, the OS comes with the application) Just for completeness, here's the clause in question: However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. (GNU GPL �3) However, non-free is not part of Debian (as per the social contract) so it would be OK to put GPL'd programs that depend on OpenSSL into non-free? Unfortunatly, it is not clear that openssl is normally distributed with the other components, as we do not require that people actually install openssl. Moreover, if we did claim that it did, the fact that they are both on the same mirror (in the typical case) leads to the conclusion that openssl accompanies an executable in non-free. [This becomes a the result is not distributable instead of a the result is not DFSG free.] In the end, your best bet is to either 1) get the exception from the FreeRadius upstream or 2) port FreeRadius to gnutls. Working around the problem using non-free really isn't going to work. -- There is no mechanical problem so difficult that it cannot be solved by brute strength and ignorance. -- William's Law http://www.donarmstrong.com http://rzlab.ucr.edu
Re: GPL, OpenSSL and Non-Free
On Wed, Dec 29, 2004 at 04:47:06PM -0800, Don Armstrong wrote: On Thu, 30 Dec 2004, Paul Hampson wrote: As I understand it, the issue is that anything in the Debian archive is considered to be distributed with Debian, and so the GPL's exception for libraries that come with the OS doesn't apply since the application also comes with the OS. (In GPL's terms, the OS comes with the application) Just for completeness, here's the clause in question: However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. (GNU GPL ???3) However, non-free is not part of Debian (as per the social contract) so it would be OK to put GPL'd programs that depend on OpenSSL into non-free? Unfortunatly, it is not clear that openssl is normally distributed with the other components, as we do not require that people actually install openssl. Moreover, if we did claim that it did, the fact that they are both on the same mirror (in the typical case) leads to the conclusion that openssl accompanies an executable in non-free. [This becomes a the result is not distributable instead of a the result is not DFSG free.] In the end, your best bet is to either 1) get the exception from the FreeRadius upstream or 2) port FreeRadius to gnutls. Working around the problem using non-free really isn't going to work. This permission would have to come from more than just FreeRadius upstream, as it links in a number of other libraries including some that are distributed under the GPL. -- Steve Langasek postmodern programmer
