Re: TODO: GNU TLS

On Fri, Dec 29, 2006 at 09:52:08AM -0500, mark(at)mark(dot)mielke(dot)cc wrote:
> > I think the issue revolves around the conditions that GPL stipulates
> > about "linking against" libraries requiring the entire product to be
> > *distributed* as GPL, even if components have differing licenses. This
> > is the so-called "viral" clause that gets much attention!

> We're not talking about including GPL code in OpenSSL, though. This is
> about OpenSSL as the base library. The GPL cannot stipulate that a GPL
> program may only be linked against GPL libraries, or used on a GPL
> operating system, on GPL hardware. For example, if GNU coreutils is
> compiled for HP-UX. This is "linking against" software that is much
> more restrictive than the OpenSSL license. Is Stephen, or the people
> whose opinion he is repeating, going to claim that the FSF considers
> this an illegal distribution of GNU coreutils?

No, because that falls under the "operating system" exception.
Additionally, "linking against" is no problem. It's *distributing* the
"linked against" version that gets you in trouble.

The GPL doesn't care about *use*, only about distribution.

> The GPL can only require that any product *derived* from the work
> licensed with the GPL, only be derived from by products which are
> themselves GPL.

Correct. Additionally it can require that when you *distribute* that
compiled GPL program (the compiled version being a derived work of the
source), you provide the source to all the libraries used while running
it (barring the operating system exception). It couldn't care less what
licence is used by those libraries, as long as that licence is
compatable with the requirements the GPL has of the source (which is
not that the source must be GPL.

> I'm not that stunned that this is confusing to people. There is so much
> invalid information available, and most of us try to stay away from law
> as much as possible. It can be overwhelming. :-)

The reason this issue is confusing is because it's nobodies fault.
PostgreSQL by itself, no problem. Exim by itself, no problem. OpenSSL,
by itself, no problem. It's only when Debian want's to *distribute* a
compiled version of Exim linked against libpq while simultaneously
complying with all the licences.

Now Exim has granted an exception that gets Debian off the hook, but
they didn't have to do that.

> > Now as Tom pointed out, I dunno why OpenSSL suddenly gets so much
> > attention, but anyway, just trying to clarify why *in principle* that
> > Stephen F is talking about a valid *possible* interpretation of the
> > licensing maze...
>
> *nod*

OpenSSL is a very different beast and one of very very few packages
with this problem. See my other message.

Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.