On 30/03/17 00:26, Josh Triplett wrote: > Carlos Alberto Lopez Perez wrote: >> On 26/03/17 01:01, Walter Landry wrote: >>> Florian Weimer <fw@deneb.enyo.de> wrote: >>>>> #5 Declare GMP to be a system library. >>>>> >>>> (snip) >>>> >>>>> #5 was how Fedora looked at the OpenSSL library issue. Since Debian >>>>> has another viewpoint on OpenSSL I somehow doubt we would use it for >>>>> GMP. >>>> >>>> I would like to suggest to treat more libraries as eligible for the >>>> system library exception within Debian. >>> >>> The traditional interpretation as I understand it is that nothing >>> Debian ships qualifies for the the system exception. This is because >>> Debian ships everything together, and the system exception only >>> applies for components that do not accompany the executable. >>> >> >> Debian ships everything together? Really? >> Then why we need repositories and apt-get at all? >> >> >> I think that any package that is essential for the base OS >> (aka Priority: required) should qualify for the system exception. > > The literal text of the GPLv2 would not allow that: > >> However, as a >> special exception, the source code distributed need not include >> anything that is normally distributed (in either source or binary >> form) with the major components (compiler, kernel, and so on) of the >> operating system on which the executable runs, unless that component >> itself accompanies the executable. > > Emphasis on "unless that component itself accompanies the executable". > > The intention of the system library exception is to allow third > parties to ship Free Software on proprietary platforms, while pointedly > *disallowing* the vendor of the proprietary platform from doing so. As > historical precedent, note that some vendors explicitly provided > entirely separate media containing GNU applications, in order to satisfy > that requirement. Are you a lawyer? In that case maybe you can explain me how is that RedHat (a company that makes billions of dollars worth of revenue and that is clearly much more interesting to sue than Debian if your intention when suing is seeking some economic compensation), is shipping GPL software (pure GPL -- without any OpenSSL linking exception on the license) and linked with OpenSSL, by simply declaring OpenSSL a system library, and nobody has still sued (or complained to) them for doing that? [1] And if you are not a lawyer (I am not), then I suggest we (the Debian project) seek for legal advice regarding whether is ok to do this or not. We did this after the ZFSonLinux package was blocked for years on the NEW queue because there was a disagreement whether shipping it was ok or not. And the lawyers from SFLC told us that shipping it t was ok [2]. [1] The FAQ is from Fedora, but the same applies to RHEL https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F https://www.openssl.org/docs/faq.html#LEGAL2 [2] https://lists.debian.org/debian-devel-announce/2015/04/msg00006.html
Attachment:
signature.asc
Description: OpenPGP digital signature