enabling transport and on storage encryption in bacula on ..

Hello,

The current released version (2.4.x) series under an interpretation that
OpenSSL is not a system library routine, which is Debian's position, means
that they cannot distribute Bacula with OpenSSL enabled (Bacula
communications and data encryption).

The source code does exist, but is simply not enabled in the Debian binaries.
As a consequence, if you want encryption in Bacula, there are two choices:

1. Build it from source yourself (perfectly legal -- only distribution
violates the GPL license).

2. Wait for version 3.0.0 (currently in Beta testing as version 2.5.28-b1).
This version has no licensing problems (pointer to details for version 2.4.x
provided by John) and so Debian will be able to release it with OpenSSL
compiled in.

Best regards,

Kern



On Sunday 04 January 2009 00:59:33 Thomas Stegbauer wrote:
> hello everybody,
>
> a happy new year to all.
>
> as i figured currently out, bacula on debian is unable to encryption
> the data.
>
> http://lists.debian.org/debian-legal/2007/07/msg00144.html
>
>
> what can be done this get solved within debian 5.0 lenny?
>
>
> greetings
> thomas



--
To UNSUBSCRIBE, email to debian-legal-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org

* Kern Sibbald <kern RemoveThis @sibbald.com> [090104 19:21]:
> The current released version (2.4.x) series under an interpretation that
> OpenSSL is not a system library routine, which is Debian's position, means
> that they cannot distribute Bacula with OpenSSL enabled (Bacula
> communications and data encryption).

substitute "not a system library" with "cannot be described as
'major component[...] of the operating system on which the executable runs,
unless that component itself accompanies the executable'". (and remember that
we want to put everything together on a single Bluray disc (or DVD/cdrom set), so
everything in Debian accompanies everything else).

Hochachtungsvoll,
Bernhard R. Link


--
To UNSUBSCRIBE, email to debian-legal-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org

Hello everybody,

thanx for all your answer's.

I think Version 3 wont make it into Debian 5.0 Lenny
so the only solution for me would be to compile the version by my own on
each needed machine, what is imho unhappy, but if this is the only
solution
hopefully the licence's of version 3 are compatible with debian's policy and
*dreaming*
it would make it into debian lenny and a half
*end dreaming*

greetings
thomas

Am 04.01.2009 17:48, schrieb Kern Sibbald:
> Hello,
>
> The current released version (2.4.x) series under an interpretation that
> OpenSSL is not a system library routine, which is Debian's position, means
> that they cannot distribute Bacula with OpenSSL enabled (Bacula
> communications and data encryption).
>
> The source code does exist, but is simply not enabled in the Debian binaries.
> As a consequence, if you want encryption in Bacula, there are two choices:
>
> 1. Build it from source yourself (perfectly legal -- only distribution
> violates the GPL license).
>
> 2. Wait for version 3.0.0 (currently in Beta testing as version 2.5.28-b1).
> This version has no licensing problems (pointer to details for version 2.4.x
> provided by John) and so Debian will be able to release it with OpenSSL
> compiled in.
>
> Best regards,
>
> Kern
>
>
>
> On Sunday 04 January 2009 00:59:33 Thomas Stegbauer wrote:
>
>> hello everybody,
>>
>> a happy new year to all.
>>
>> as i figured currently out, bacula on debian is unable to encryption
>> the data.
>>
>> http://lists.debian.org/debian-legal/2007/07/msg00144.html
>>
>>
>> what can be done this get solved within debian 5.0 lenny?
>>
>>
>> greetings
>> thomas
>>
>
>
>


--
# Stegbauer Datawork
# Thomas Stegbauer
# Oberjulbachring 9, 84387 Julbach
# https://keyserver1.pgp.com/vkd/SubmitSearch.event?SearchCriteria=thoma...tegbaue
# PGP Fingerprint: C5B5 BDBD 6607 A9DF E545 0EC5 9DDF 9749 BD05 808A

-------------------------------------------------------------------------
Die Nachricht wurde vom Absender mittels S/MIME digital signiert.
Bitte die Signatur pruefen! Die Signatur wurde der E-Mail angehaengt.

Signierte E-Mail ermoeglicht es, die Authentizitaet der Nachricht zu
ueberpruefen, dass die Nachricht von dem angezeigten Absender stammt
und nicht waehrend der Uebertragung gefaelscht wurde.
-------------------------------------------------------------------------


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org

> > 1. Build it from source yourself (perfectly legal -- only distribution
> > violates the GPL license).

Isn't it the FSF's position that "user does the link" violates GPL?

Of course, even then, that only applies to distribution--which means that
the user can build it from source himself, but the fact that Debian distributes
something the user *can* use to build it from source itself violates GPL.


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org

On Monday 05 January 2009 23:08:33 Ken Arromdee wrote:
> > > 1. Build it from source yourself (perfectly legal -- only distribution
> > > violates the GPL license).
>
> Isn't it the FSF's position that "user does the link" violates GPL?

No. Please read the GPL.

>
> Of course, even then, that only applies to distribution--which means that
> the user can build it from source himself, but the fact that Debian
> distributes something the user *can* use to build it from source itself
> violates GPL.

No.



--
To UNSUBSCRIBE, email to debian-legal-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org

On Tue, 6 Jan 2009, Kern Sibbald wrote:
> > > > 1. Build it from source yourself (perfectly legal -- only distribution
> > > > violates the GPL license).
> >
> > Isn't it the FSF's position that "user does the link" violates GPL?
>
> No. Please read the GPL.

I suggest you Google up "user does the link". Unless they changed their
position recently, they *do* think that creating something designed to link
against GPL coder, but not distributing the GPL code and letting the user get
it and link it in, is a violation.


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org

Kern Sibbald <kern.RemoveThis@sibbald.com> writes:

> 1. Build it from source yourself (perfectly legal -- only distribution
> violates the GPL license).

The question is whether it is legal to distribute the Bacula sources
(including parts depending on OpenSSL) to begin with. These are
uncertain legal grounds to say the least.

> 2. Wait for version 3.0.0 (currently in Beta testing as version
> 2.5.28-b1). This version has no licensing problems (pointer to
> details for version 2.4.x provided by John) and so Debian will be
> able to release it with OpenSSL compiled in.

Ah, that's good to hear!

Hendrik


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org

On Wednesday 07 January 2009 21:59:45 Hendrik Weimer wrote:
> Kern Sibbald <kern RemoveThis @sibbald.com> writes:
> > 1. Build it from source yourself (perfectly legal -- only distribution
> > violates the GPL license).
>
> The question is whether it is legal to distribute the Bacula sources
> (including parts depending on OpenSSL) to begin with. These are
> uncertain legal grounds to say the least.

I personally don't believe that such distribution is a problem -- after all
Debian does distribute pure GPLv2 code and OpenSSL source code on the same
ISO image.

Problems of mismatched licenses apparently occur when forming and distributing
a "mixed" binary program or when mixing different licenced source code in the
same file and distributing it. As far as I know Bacula 2.4.x does not mix
source code with different licenses in the same source file (we simply call
libraries that when executed are incompatible), and Debian as well as its
derivatives have decided not to form a Bacula binary using the offending
libraries.

In any case, there are many other programs that have far worse problems than
the old Bacula code. Most of the Bacula problems involve code copyrighted by
FSF, and the FSF is very well aware of the Bacula problem all the way up to
RMS. They are also very well aware that I take those problems seriously and
fixed them a long time ago. For these kinds of "technical" problems, I
certainly hope that no one would not want to simply stop supplying the source
code -- that would likely hurt the users far more than helping the Free
Software movement, and so far none of the authors of the pure GPLv2 code have
complained.

I resolved the problem long time ago, so I consider it just a question of
ensuring a conservative, smooth transition from the old code the new code.

If someone is really concerned by the "legality" of using the old source, then
they should feel free to use the new code (beta), which has absolutely no
license problems.

Regards.

Lerm

>
> > 2. Wait for version 3.0.0 (currently in Beta testing as version
> > 2.5.28-b1). This version has no licensing problems (pointer to
> > details for version 2.4.x provided by John) and so Debian will be
> > able to release it with OpenSSL compiled in.
>
> Ah, that's good to hear!
>
> Hendrik



--
To UNSUBSCRIBE, email to debian-legal-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org

Ken Arromdee wrote:
> On Tue, 6 Jan 2009, Kern Sibbald wrote:
>>>>> 1. Build it from source yourself (perfectly legal -- only distribution
>>>>> violates the GPL license).
>>> Isn't it the FSF's position that "user does the link" violates GPL?
>> No. Please read the GPL.
>
> I suggest you Google up "user does the link". Unless they changed their
> position recently, they *do* think that creating something designed to link
> against GPL coder, but not distributing the GPL code and letting the user get
> it and link it in, is a violation.

That's not the same thing as "building it from source yourself".


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org

Kern Sibbald <kern.TakeThisOut@sibbald.com> writes:

> I personally don't believe that such distribution is a problem --
> after all Debian does distribute pure GPLv2 code and OpenSSL source
> code on the same ISO image.

This should not be a problem anyway as it falls under the "mere
aggregation" clause.

> Problems of mismatched licenses apparently occur when forming and
> distributing a "mixed" binary program or when mixing different
> licenced source code in the same file and distributing it. As far
> as I know Bacula 2.4.x does not mix source code with different
> licenses in the same source file (we simply call libraries that when
> executed are incompatible), and Debian as well as its derivatives
> have decided not to form a Bacula binary using the offending
> libraries.

I see what you mean, but I think there is a problem with this
reasoning. If you redistribute GPLv2ed sources you must ensure that
all recipients of the code enjoy the rights granted to you the license
(6.). One such right is the distribution of the software as a binary
(3.), which you may not without satisfying OpenSSL's advertizing
clause. Which in turn means you may not distribute the software at all
(7.).

> In any case, there are many other programs that have far worse
> problems than the old Bacula code. Most of the Bacula problems
> involve code copyrighted by FSF, and the FSF is very well aware of
> the Bacula problem all the way up to RMS. They are also very well
> aware that I take those problems seriously and fixed them a long
> time ago. For these kinds of "technical" problems, I certainly hope
> that no one would not want to simply stop supplying the source code
> -- that would likely hurt the users far more than helping the Free
> Software movement, and so far none of the authors of the pure GPLv2
> code have complained.

I fully agree here. I don't think the FSF(E) will go berzerk for
someone distributing Bacula. However, Debian's policy on licensing
usually involves taking the high road rather than doing what you can
get away with. Moreover, the belief that distributing software in
source form magically frees you from your obligations under the GPL
seems rather mystical to me.

Hendrik


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org

Ken Arromdee <arromdee RemoveThis @rahul.net> wrote:
> I suggest you Google up "user does the link". [...]

I suggest you just post the URL(s) you mean. Google results pages are
highly volatile and vary by browser location: what you saw then may
not be what I see now. It also seems unkind to tell upstream
developers to use non-free software like Google, instead of writing
great free software like they usually do.

Thanks,
--
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct


--
To UNSUBSCRIBE, email to debian-legal-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org

On Fri, 9 Jan 2009, MJ Ray wrote:

> Date: Fri, 09 Jan 2009 10:04:00 +0000
> From: MJ Ray <mjr.DeleteThis@phonecoop.coop>
> To: kern.DeleteThis@sibbald.com
> Cc: debian-legal.DeleteThis@lists.debian.org
> Subject: Re: enabling transport and on storage encryption in bacula on
> debian build
> Resent-Date: Fri, 9 Jan 2009 10:04:17 +0000 (UTC)
> Resent-From: debian-legal.DeleteThis@lists.debian.org
>
> Ken Arromdee <arromdee.DeleteThis@rahul.net> wrote:
> > I suggest you Google up "user does the link". [...]
>
> I suggest you just post the URL(s) you mean. Google results pages are
> highly volatile and vary by browser location: what you saw then may
> not be what I see now. It also seems unkind to tell upstream
> developers to use non-free software like Google, instead of writing
> great free software like they usually do.
>
> Thanks,
>


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org

(Here goes an email with actual content, since I messed up...)

> > I suggest you Google up "user does the link". [...]
> I suggest you just post the URL(s) you mean. Google results pages are
> highly volatile and vary by browser location: what you saw then may
> not be what I see now.

You don't really need Google, you just need a tiny bit of knowledge about
some very famous things the FSF had said in the past. It has turned up for
NeXt and GNU Readline, for instance. Asking this is like asking for a
reference that Abraham Lincoln was a US President--it's just too well known.

If you really want a reference, try this:

http://www.fsf.org/licensing/licenses/gpl-faq.html#GPLPluginsInNF

# Can I release a program under the GPL which I developed using non-free tools?
#
# It depends on how the program invokes its plug-ins. For instance, if the
# program uses only simple fork and exec to invoke and communicate with
# plug-ins, then the plug-ins are separate programs, so the license of the
# plug-in makes no requirements about the main program.
#
# If the program dynamically links plug-ins, and they make function calls to
# each other and share data structures, we believe they form a single program,
# which must be treated as an extension of both the main program and the
# plug-ins. In order to use the GPL-covered plug-ins, the main program must
# be released under the GPL or a GPL-compatible free software license, and
# that the terms of the GPL must be followed when the main program is
# distributed for use with these plug-ins.

> It also seems unkind to tell upstream
> developers to use non-free software like Google, instead of writing
> great free software like they usually do.

You are being ridiculous. Google's search engine runs on their own machines.
They're not distributing it. Which means that most free licenses wouldn't
require Google to release any source code at all. (And the ones that
do are highly controversial.)

If you like, you can pretend that Google's search engine is under BSD. That
would make no difference whatsoever as to your rights to get it (which are
nonexistent in either case).


--
To UNSUBSCRIBE, email to debian-legal-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org