Re: TODO: GNU TLS

* mark(at)mark(dot)mielke(dot)cc (mark(at)mark(dot)mielke(dot)cc) wrote:
> > > Now Exim has granted an exception that gets Debian off the hook, but
> > > they didn't have to do that.
> > Right. If they didn't then it's conceivable that Exim could sue Debian
> > for violating the GPL license. Not exactly likely to happen but being
> > cautious it's best to get their explicit approval rather than playing
> > the "well, we'll just wait and see if they sue us" game.
>
> This is pure FUD, and unacceptable if spoken from a position of
> authority. State what you think this theoretical case would be. At

I've made it clear previously, but sure, why not. The case would be
something along the lines of Exim sueing Debian for building a
derivative (Exim w/ OpenSSL) which violated the terms of distribution of
Exim (GPL) which means Debian would be breaking copyright law by
distributing the resulting application.

With copyright law you have to show that you *have* the right, and
anything which is done against the license which gives you that right
which nullifies the license means you don't get to distribute the work,
at all. There's really not a whole lot more to it than that, and
there's nothing FUDdy about it.

> least if you picked GPL including closed source code, you might be
> able to claim that the resulting derived work was not distributed
> complete with source code. OpenSSL, however, is open source. The only

The GPL requires more than just being 'open source'.

> possible complaint could be "you failed to advertise OpenSSL in the
> resulting distributed image", which would be a correct observation,

No, a complaint could be "you didn't honor the terms of the GPL under
which you received the rights to distribute the work."

> easily corrected by the inclusion of a note in the documentation for
> the distributed software unit that includes both pieces of software.
> This correction is an existing requirement for any software
> distribution that includes OpenSSL, It is an acceptable, and easily
> honoured requirement.

Yet *having* that requirement on a *derived work* which includes GPL
code is *against* the terms of the GPL. That's *exactly* the issue.
The GPL says more than "you must provide the source code to everything",
it explicitly includes a requirement that no additional restrictions be
put on the derivative (lest requirements for no-additional-distribution
or must-charge-for-other-distribution be added which defeats much of the
point of the GPL).

> Anybody who has a problem admitting that their software distribution
> includes OpenSSL software in their documentation, has no sympathy from
> me. Attribution is an acceptable right to enforce under copyright law,
> and an honourable practice with or without a licensing requirement
> explicitly stating this as a requirement.

That's nice, it's got nothing to do with the conversation at hand, and
might even be FUD based on how you've used that term previously. :)
It's certainly rather frustrating to get these constant attacks during
this conversation where you put up something I'm not advocating and then
say "only bad people would say such things!"

> Caution to the point of fantasy is a waste of resources. Caution to
> further a political agenda (not you - but the people whose opinions you
> are repeating) is exploitation.

I don't believe Debian has any kind of political agenda in this regard.
Debian's agenda is to follow the licenses as best it can. While that
may go beyond what others feel like doing it's a good goal to have.

> I am unable to find a single clause in the GPL (which I have analyzed
> many years ago, but also re-read several times in the last two days)
> that would make it impossible to satisfy all of the GPL, PostgreSQL
> (BSD) license, and the OpenSSL license at the same time. Every single
> clause of all three licenses can be easily satisfied without conflict.
> Those of you who are claiming otherwise, have failed to point to a
> single phrase in the GPL that could not be satisfied when distributing
> all three pieces of software as a single unit. Without a single point
> of true conflict between all three licenses, I do not accept that
> there is any case to require an OpenSSL exemption clause for
> Debian. Those who are doing so are doing a disservice to everyone by
> contributing to the general confusion on this subject. The clause is
> not required. The clause has no effect.

Well, I pointed it out to you before but you seem to have happily
ignored it so I'll provide it again here, perhaps more clearly:

---
But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
---

---
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
---

There you have it. "You may not impose any further restrictions on the
recipients' exercise of the rights granted herein." That's exactly what
the OpenSSL advertising clause does- imposes a further restriction on
the execricse of the rights granted. That's exactly what makes
distributing a whole (comprised of both GPL'd code and OpenSSL) which
grants the permissions for other licensees in the GPL without further
restriction impossible.

> been raised. The GPL does not state that "GPL software may not derive
> from software that has an advertising clause." Considering that this
> is the primary point raised by people, it is ironic that the GPL has
> no such restriction.

Erm, it doesn't need one, it's got a blanket statement, as quoted above.

> Be honest about it. *You* don't like the advertising clause. The GPL
> has nothing to say on the issue, and therefore is *NOT* in conflict
> with it.

See above, heh.

> This thread has re-enforced my conclusion that the GPL is a poor choice
> of license for any product I ever work on in the future. A decade ago,
> as a teenager, I thought it was cool to put GPL on the software that I
> made available to the world. I felt like I was part of something bigger.
> Now I just feel disgusted. The GPL is not about freedom. It is about
> enforcing a world view on all who use your software.

Yay, so you don't like the GPL, doesn't sound like it's got alot to do
with what I like or don't after all. :)

> Thank you PostgreSQL contributors for choosing the BSD style. I think
> it was an excellent choice.

I'm a fan of newBSD (w/o the advertising clause) myself, actually. :)

Thanks,

Stephen