 |
|
|
|
Next: Encryption laws outside US
|
| Author |
Message |
External
Since: Nov 08, 2007
Posts: 4
|
(Msg. 1) Posted: Thu Nov 08, 2007 2:00 pm
Post subject: transitive GPL (exim4, OpenSSL, mySQL and others)
Archived from groups: linux>debian>legal (more info?)
|
|
|
Hi,
This is a follow-up for my blog entry
http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html
which unfortunately didn't result in the license advice that I was
hoping to get. I am therefore asking debian-legal for opinions. Please
note that I am neither a native speaker of english nor am I very
fluent in english legalese.
exim4 is GPL and links, in the exim4-daemon-heavy flavour, against
GnuTLS, the mySQL client library, libpq and some other libraries.
exim4 has an explicit exemption to allow linking to OpenSSL; and I was
told that MySQL's FOSS exemption clause says the same in legalese for
OpenSSL. libpq is already linked against OpenSSL.
GnuTLS has a truckload of technical issues which - in sum - raise my
motivation to change exim4 to use OpenSSL tremendously. I am simply
sick of having to handle GnuTLS incompatibilities.
Now my questions:
(1)
Is it ok to change exim's SSL library to OpenSSL in the current setup
without violating the GPL for some of the library currently in use
(2)
Will it be a violation of the GPL to link exim to a
GPL-without-OpenSSL-exemption-clause library in the future?
(3)
Is this violation maybe already happening by virtue of linking
indirectly to OpenSSL via libpq?
I am also interested to hear about other license aspects that I might
move myself into when changing exim to use OpenSSL instead of GnuTLS.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
 | |
External
Since: Dec 28, 2006
Posts: 89
|
(Msg. 2) Posted: Fri Nov 09, 2007 2:40 pm
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Marc Haber writes ("transitive GPL (exim4, OpenSSL, mySQL and others)"):
> (1)
> Is it ok to change exim's SSL library to OpenSSL in the current setup
> without violating the GPL for some of the library currently in use
You mentioned libpq and mysql. What other libraries are involved ?
All of the licences must be compatible.
> (2)
> Will it be a violation of the GPL to link exim to a
> GPL-without-OpenSSL-exemption-clause library in the future?
Yes.
> (3)
> Is this violation maybe already happening by virtue of linking
> indirectly to OpenSSL via libpq?
Does libpq pull in OpenSSL ? What is the licence of libpq ?
I think we could give you a better answer if you provided a full
run-down of the facts: a complete list of all of the libraries and
programs which are used when you compile exim in this way, how they
relate to each other, and what their licenses are.
Ian.
--
To UNSUBSCRIBE, email to debian-legal-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org |
|
| Back to top |
|
| |
External
Since: Nov 08, 2007
Posts: 4
|
(Msg. 3) Posted: Fri Nov 09, 2007 5:00 pm
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Fri, 9 Nov 2007 19:16:49 +0000, Ian Jackson
<ian.DeleteThis@davenant.greenend.org.uk> wrote:
>Marc Haber writes ("transitive GPL (exim4, OpenSSL, mySQL and others)"):
>> (1)
>> Is it ok to change exim's SSL library to OpenSSL in the current setup
>> without violating the GPL for some of the library currently in use
>
>You mentioned libpq and mysql. What other libraries are involved ?
I am quite interested in the general case.
>> (3)
>> Is this violation maybe already happening by virtue of linking
>> indirectly to OpenSSL via libpq?
>
>Does libpq pull in OpenSSL ?
libpq-dev depends on libssl-dev, yes.
>What is the licence of libpq ?
| Permission to use, copy, modify, and distribute this software and its
| documentation for any purpose, without fee, and without a written agreement
| is hereby granted, provided that the above copyright notice and this
| paragraph and the following two paragraphs appear in all copies.
(two "no warranty" disclaimers deleted, see
/usr/share/doc/libpq-dev/copyright)
>I think we could give you a better answer if you provided a full
>run-down of the facts: a complete list of all of the libraries and
>programs which are used when you compile exim in this way, how they
>relate to each other, and what their licenses are.
Is there a tool that follows the library link path and at least lists
all libraries depended on, or do I need to spend days to collect this
manually?
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
| |
External
Since: Nov 08, 2007
Posts: 4
|
(Msg. 4) Posted: Wed Nov 14, 2007 10:00 am
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Fri, 09 Nov 2007 23:35:55 +0100, Josselin Mouette <joss DeleteThis @debian.org>
wrote:
>Le jeudi 08 novembre 2007 à 19:27 +0100, Marc Haber a écrit :
>> (1)
>> Is it ok to change exim's SSL library to OpenSSL in the current setup
>> without violating the GPL for some of the library currently in use
>
>It would be nice to get explicit permission from the Exim developers to
>link with Perl code under the Artistic license, but it seems to me that
>this whole mess is already legally redistributable.
I have filed an upstream bug
(http://bugs.exim.org/show_bug.cgi?id=629) asking for this permission.
>> (3)
>> Is this violation maybe already happening by virtue of linking
>> indirectly to OpenSSL via libpq?
>
>It would, if exim and libmysqlclient's exceptions weren't so broad.
Let me understand this in Theory. Given the following link tree:
-------------
| program P |
-------------
/ \
/ \
------------- -------------
| library L | | library M |
------------- -------------
|
-------------
| OpenSSL |
-------------
If both M and P were GPL with OpenSSL exception, but L were GPL
without OpenSSL exception, this linking would be a violation of L's
license?`By virtue of P linking to M and L and M linking to OpenSSL?
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
| |
External
Since: May 17, 2007
Posts: 102
|
(Msg. 5) Posted: Wed Nov 14, 2007 5:10 pm
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Marc Haber <mh+debian-legal@zugschlus.de> writes:
> If both M and P were GPL with OpenSSL exception, but L were GPL
> without OpenSSL exception, this linking would be a violation of L's
> license?`By virtue of P linking to M and L and M linking to OpenSSL?
That's my understanding, yes.
This is why things like "OpenSSL exclusion clause" are a stop-gap
measure only; the license incompatibility continues to be a problem
for any new code combined with the work, and it's easy to overlook
that.
In my view, the ideal solution from a reduce-licensing-headaches
perspective is to get all the code in a work licensed compatibly with
no need for exception clauses, either by relicensing some parts or by
replacing parts with equivalents under compatible licenses.
--
\ "For fast acting relief, try slowing down." -- Jane Wagner, |
`\ via Lily Tomlin |
_o__) |
Ben Finney
--
To UNSUBSCRIBE, email to debian-legal-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org |
|
| Back to top |
|
| |
External
Since: May 17, 2007
Posts: 102
|
(Msg. 6) Posted: Wed Nov 14, 2007 9:40 pm
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Stephen Gran <sgran RemoveThis @debian.org> writes:
> This one time, at band camp, Marc Haber said:
> > If both M and P were GPL with OpenSSL exception, but L were GPL
> > without OpenSSL exception, this linking would be a violation of
> > L's license?`By virtue of P linking to M and L and M linking to
> > OpenSSL?
>
> I have been under the impression that the answer is no. You're not
> linking L to OpenSSL. It could be argued that this was an attempt at
> defeating the GPL if P was a thin shim layer between L and OpenSSL,
It doesn't need to be "an attempt at defeating the GPL"; I don't think
that question is relevant.
> but I don't think anyone can reasonably argue that for our default MTA.
That would appear to have even less relevance: whaetheer the program
is a "Hello, World" or "our default MTA" wouuld seem to have no
bearing on the question of its status as a derived work of OpenSSL.
What's relevant is whether L is considered, under copyright law, to be
a "derivative work" of those works it is linked with. If M and P are
to be considered derivative of OpenSSL, I don't see the legal theory
that makes L somehow *not* a derivative work of OpenSSL.
--
\ "The optimist thinks this is the best of all possible worlds. |
`\ The pessimist fears it is true." -- J. Robert Oppenheimer |
_o__) |
Ben Finney
--
To UNSUBSCRIBE, email to debian-legal-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org |
|
| Back to top |
|
| |
External
Since: May 16, 2007
Posts: 6
|
(Msg. 7) Posted: Thu Nov 15, 2007 12:40 am
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Stephen Gran wrote:
> I have been under the impression that the answer is no. You're not
> linking L to OpenSSL. It could be argued that this was an attempt at
> defeating the GPL if P was a thin shim layer between L and OpenSSL,
> but I don't think anyone can reasonably argue that for our default MTA.
Imagine a statically linked P. I do not see how such a thing could be
anything less than a combined work of L and OpenSSL (and the rest).
Dynamic linking is a bit tougher, and there has been some controversy
over it. Debian's policy, as I understand it, is to be as risk-averse
as possible, and assume dynamic linking and static linking are
equivalent for all relevant purposes without some explicit statement to
the contrary.
Thus, for Debian's purposes, the task is to prove that statically
linking L and OpenSSL as part of the process of constructing the P
static executable does not cause that resulting executable to be a
derivative work of both L and OpenSSL under copyright law.
Frankly, I suspect that it would be impossible to prove such a thing, if
only because such a decision would have a massive negative effect on
those who make their living from aggressive copyright-mongering, such as
the RIAA. But I could be wrong.
--
To UNSUBSCRIBE, email to debian-legal-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org |
|
| Back to top |
|
| |
External
Since: Nov 08, 2007
Posts: 4
|
(Msg. 8) Posted: Fri Nov 16, 2007 3:00 am
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Thu, 15 Nov 2007 09:00:56 +1100, Ben Finney
<bignose+hates-spam@benfinney.id.au> wrote:
>In my view, the ideal solution from a reduce-licensing-headaches
>perspective is to get all the code in a work licensed compatibly with
>no need for exception clauses, either by relicensing some parts or by
>replacing parts with equivalents under compatible licenses.
The former is not an option for OpenSSL (has probably been tried
millions of times), and the latter is, in the majority of users'
opinion, not an option because GnuTLS has major interoperability
issues to be actually useable.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 |
|
| Back to top |
|
| |
External
Since: May 17, 2007
Posts: 102
|
(Msg. 9) Posted: Fri Nov 16, 2007 4:20 am
Post subject: Re: transitive GPL (exim4, OpenSSL, mySQL and others) [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Marc Haber <mh+debian-legal@zugschlus.de> writes:
> The former [relicensing component parts under compatible licenses]
> is not an option for OpenSSL (has probably been tried millions of
> times)
Never say never; popular works do sometimes change licenses from
community pressure to be compatible. I haven't tried it myself in the
case of OpenSSL, though, so I can't gainsay your specific statement of
multiple attempts.
> and the latter [replacing components with functional equivalents
> under compatible licenses] is, in the majority of users' opinion,
> not an option because GnuTLS has major interoperability issues to be
> actually useable.
I keep seeing this claim made, but the specifics elude me. This thread
isn't really the place to detail it, though.
Is there a clearing-house site showing exactly what the problems are
for a project wanting to move from OpenSSL to GnuTLS, and why those
problems are so insurmountable that GnuTLS cannot be improved to
overcome them despite "the majority of users" wanting those
improvements?
--
\ "Quidquid latine dictum sit, altum viditur." ("Whatever is |
`\ said in Latin, sounds profound.") —anonymous |
_o__) |
Ben Finney
--
To UNSUBSCRIBE, email to debian-legal-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
Linux