Re: Providing an openssl-linked pycurl

[Hendrik Weimer]

MJ Ray m...@phonecoop.coop writes:

 I think the suggestion is that software using python-pycurl would not
 change if they were using openssl or gnutls.  I don't understand how
 the GPL'd software is derived from openssl if it works interchangably
 with gnutls on the other side of pycurl.  Can you explain?

Even if it was legal, I would strongly object against replacing
python-pycurl with the OpenSSL version. In that case one would have to
comply to different license requirements depending on the functions one
uses within pycurl. Even if properly documented, this is asking for
undistributable code to be written, which might take ages to resolve.

Hendrik


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/86tyojhf2b@mid.gienah.enyo.de

Re: Providing an openssl-linked pycurl

[Yavor Doganov]

В Wed, 30 Jun 2010 21:35:45 +0100, MJ Ray написа:

 I think the suggestion is that software using python-pycurl would not
 change if they were using openssl or gnutls.  I don't understand how the
 GPL'd software is derived from openssl if it works interchangably with
 gnutls on the other side of pycurl.  Can you explain?

I see no difference between this scenario and a classic C program that 
supports both OpenSSL and GnuTLS via #ifdef's and `configure' options.  

Or a C program linking against an LGPL'ed library which links against 
libssl.  If the library is modified to use GnuTLS instead, the program 
would still continue to work with that variant of the library 
interchangably (provided it is API/ABI compatible, of course).  If the 
program is using the gnutls-linked variant of the library, it needs no 
exception.  If it is using the openssl-linked variant, it does because of 
the indirect linking with libssl.


-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/i0hkej$9o...@dough.gmane.org

Re: Providing an openssl-linked pycurl

[MJ Ray]

Yavor Doganov wrote:
 Wed, 30 Jun 2010 21:35:45 +0100, MJ Ray
  I think the suggestion is that software using python-pycurl would not
  change if they were using openssl or gnutls.  I don't understand how the
  GPL'd software is derived from openssl if it works interchangably with
  gnutls on the other side of pycurl.  Can you explain?
 
 I see no difference between this scenario and a classic C program that 
 supports both OpenSSL and GnuTLS via #ifdef's and `configure' options.  

In the C-ifdef scenario, the GPL program is derived from both OpenSSL
and GnuTLS.  That is, its programmer obviously knows about OpenSSL's
functions.

In the pycurl scenario, the GPL program is derived from pycurl.  The
difference is that the GPL-using programmer need not know about
OpenSSL's functions, so I don't see how it can be said to be derived
from it.  It would even be written the same in a world without
OpenSSL, as long as pycurl is the same whether it's a version derived
from OpenSSL or a version derived from GNUTLS.

Can you explain why the GPL program using pycurl is derived from
OpenSSL, please?

 Or a C program linking against an LGPL'ed library which links against 
 libssl.  If the library is modified to use GnuTLS instead, the program 
 would still continue to work with that variant of the library 
 interchangably (provided it is API/ABI compatible, of course).  If the 
 program is using the gnutls-linked variant of the library, it needs no 
 exception.  If it is using the openssl-linked variant, it does because of 
 the indirect linking with libssl.

So, as long as debian usually installs the gnutls-linked variant, no
problem, right?

It's up to the user if they want to modify their system to install
the variant that may cause distribution/licensing problems.  Merely
having it available doesn't seem like a problem to me.

I repeat that I feel the best solution is to bugfix GNUTLS, broken
software or broken servers, before they break the OpenSSL variant too.
Rebuilding pycurl seems like a dirty/uncertain workaround.

Regards,
-- 
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct



-- 
To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100701190919.78b4ef7...@nail.towers.org.uk