Re: System libraries and the GPLv2 (was: Re: GnuTLS in Debian)

2017-03-27 Thread Moritz Mühlenhoff
Florian Weimer wrote:
> Would it be possible to get real legal advice on this matter, with the
> concrete goal to find a usable process to leverage the system library
> exception in the GPLv2?

We should have done that a decade ago... The SFLC can probably help, but an

System libraries and the GPLv2 (was: Re: GnuTLS in Debian)

2017-03-25 Thread Florian Weimer
GMP (version 4.2.1) for Debian. > > #2 Fork GnuTLS 2 for Debian. > > #3 Hope that GMP is relicensed to GPL2+/LGPLv3+ (this is what eventually happened. > #4 Hope nettle switches to a different arbitrary precision arithmetic > library. > > #5 Declare GMP to be a syste

Re: GnuTLS in Debian

2014-01-29 Thread Andreas Metzler
Carlos Alberto Lopez Perez clo...@igalia.com wrote: On 28/01/14 16:53, Andreas Metzler wrote: There seems to be some good news: https://gmplib.org/repo/gmp/rev/02634effbd4e | Update library files license to use LGPL3+ and GPL2+. Do you know what motivated the change? Was because of the

Re: GnuTLS in Debian

2014-01-28 Thread Andreas Metzler
using GnuTLS 2.x. [...] - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. #2 Fork GnuTLS 2 for Debian. #3 Hope that GMP is relicensed to GPL2+/LGPLv3+ #4 Hope nettle switches to a different arbitrary precision arithmetic library. #5 Declare GMP to be a system library. #6 Move

Re: GnuTLS in Debian

2014-01-28 Thread Carlos Alberto Lopez Perez
On 28/01/14 16:53, Andreas Metzler wrote: There seems to be some good news: https://gmplib.org/repo/gmp/rev/02634effbd4e | Update library files license to use LGPL3+ and GPL2+. Do you know what motivated the change? Was because of the license issue in Debian?

Re: GnuTLS in Debian

2014-01-12 Thread Kurt Roeckx
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: Hello, Debian is still relying heavily on GnuTLS 2.12.x, and I do not think this is sustainable for much longer. State of Play: - In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only supported

Re: GnuTLS in Debian

2014-01-12 Thread Andreas Metzler
Kurt Roeckx k...@roeckx.be wrote: [gnutls28 debian copyright file] It seems to me that the copyright file contradicts itself, and that not only GMP is under LGPLv3+ Thank you for pointing this out, it is a piece of outdated information. I will fix the Debian copyright file to reflect

Re: GnuTLS in Debian

2014-01-12 Thread Simon McVittie
On 11/01/14 17:37, Игорь Пашев wrote: Do I understand correctly the following: Application M under the MIT license linked to LGPL3 library L - ok Application C under the CDDL license linked to LGPL3 library L - ok Application G under the GPL3 license linked to LGPL3 library L - ok, all

CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Didier 'OdyX' Raboud
Hi all, this GnuTLS in Debian thread triggered my switch of the src:cups package from linking against GnuTLS to now link against OpenSSL. CUPS is GPL-2 only with an OpenSSL exception. Today, Andreas rightly pointed to me that this induces a problem (for Debian) for all GPL-without-OpenSSL

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Ben Hutchings
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: Hi all, this GnuTLS in Debian thread triggered my switch of the src:cups package from linking against GnuTLS to now link against OpenSSL. CUPS is GPL-2 only with an OpenSSL exception. Today, Andreas rightly pointed to me

Re: GnuTLS in Debian

2014-01-11 Thread Игорь Пашев
Do I understand correctly the following: Application M under the MIT license linked to LGPL3 library L - ok Application C under the CDDL license linked to LGPL3 library L - ok Application G under the GPL3 license linked to LGPL3 library L - ok, all under GPL3 Bang! Application M is now under

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Svante Signell
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: Hi all, this GnuTLS in Debian thread triggered my switch of the src:cups package from linking against GnuTLS to now link against OpenSSL. CUPS is GPL-2 only with an OpenSSL exception. Now, as far as I understood the thread

Re: GnuTLS in Debian

2014-01-11 Thread Svante Signell
On Sat, 2014-01-11 at 21:37 +0400, Игорь Пашев wrote: Do I understand correctly the following: Application M under the MIT license linked to LGPL3 library L - ok Application C under the CDDL license linked to LGPL3 library L - ok Application G under the GPL3 license linked to LGPL3 library L

Re: CUPS is now linked against OpenSSL (was: Re: GnuTLS in Debian)

2014-01-11 Thread Steve Langasek
On Sat, Jan 11, 2014 at 05:24:16PM +, Ben Hutchings wrote: On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote: Hi all, this GnuTLS in Debian thread triggered my switch of the src:cups package from linking against GnuTLS to now link against OpenSSL. CUPS is GPL-2 only

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread David Weinehall
On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote: On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: That's also why I *don't* use BSD-style licenses for software that I write, but rather GPLv2 or LGPLv2.1. So if someone takes your LGPLv2.1-only software and adds

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Dimitri John Ledkov
On 6 January 2014 15:07, David Weinehall t...@debian.org wrote: On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote: On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: That's also why I *don't* use BSD-style licenses for software that I write, but rather GPLv2 or

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Stephen Kitt
Hi Dimitri, On Mon, 6 Jan 2014 15:22:09 +, Dimitri John Ledkov x...@debian.org wrote: But GPL text does confuse me as a whole, no modifications nor derivative works of the GPL license text are allowed, and the original text has and later clause - is licensing without and later constitutes

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-06 Thread Wouter Verhelst
On 05-01-14 15:57, Clint Adams wrote: On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote: This goes for GPLvX or later, but also for other or later licenses, where they exist. I'm convinced that the GPLv2 is a free license, but I'm so far undecided on the GPLv3 (mainly because

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-05 Thread Clint Adams
On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote: This goes for GPLvX or later, but also for other or later licenses, where they exist. I'm convinced that the GPLv2 is a free license, but I'm so far undecided on the GPLv3 (mainly because I've not read the license text in much

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-04 Thread Luca Capello
Hi there! On Sat, 04 Jan 2014 04:29:02 +0100, Paul Tagliamonte wrote: On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: So your doomsday scenario is that if you license something GPLv2+, someone might fork and modify it to be GPLv3+, I was under the impression that forks

Re: GnuTLS in Debian

2014-01-04 Thread Wouter Verhelst
On 23-12-13 23:43, Clint Adams wrote: GPLv2-only folks should be made to see how their antisocial behavior is harming everyone. I think this is a delightful situation for them to be in. I am not a member of the church of GNU, nor do I wish to be. I respect Richard Stallman (and his band of

Re: GnuTLS in Debian

2014-01-04 Thread Andreas Metzler
Moritz Mühlenhoff j...@inutil.org wrote: Andreas Metzler ametz...@debian.org wrote: #5 Declare GMP to be a system library. (..) #5 was how Fedora looked at the OpenSSL library issue. Since Debian has another viewpoint on OpenSSL I somehow doubt we would use it for GMP. We should do that

Re: GnuTLS in Debian

2014-01-03 Thread Tollef Fog Heen
]] Russ Allbery Wildly off-topic, but hey. :-) Yeah, I saw that also in Bernhard's reply. That confusion had honestly never occurred to me before since, despite the visual similarities, the words are completely unrelated in English. The etymologies are disjoint: idiot comes from French

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-03 Thread Clint Adams
On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote: That's also why I *don't* use BSD-style licenses for software that I write, but rather GPLv2 or LGPLv2.1. So if someone takes your LGPLv2.1-only software and adds GPLv2-only code to it, do you feel similarly betrayed because you

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-03 Thread Paul Tagliamonte
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: So your doomsday scenario is that if you license something GPLv2+, someone might fork and modify it to be GPLv3+, I was under the impression that forks couldn't change licenses. Is the scenario which Clint describes (legally)

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2014-01-01 Thread David Weinehall
On Tue, Dec 31, 2013 at 02:54:50PM +, Clint Adams wrote: On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: Apart from the termination clause, the GPLv2 is far more concise, I don't see tivoization as a problem (it's the software I want to protect, not anyone's combination

Re: GnuTLS in Debian

2014-01-01 Thread Bastien ROUCARIES
On 30 Dec 2013 10:06, Florian Weimer f...@deneb.enyo.de wrote: * Bastien ROUCARIES: Fedora created an open SSL compat library based on libnss. It doesn't work all that well because there is no way to implement host name checking. The OpenSSL API it's based on did not have an interface

Re: GnuTLS in Debian

2014-01-01 Thread Thomas Hochstein
Russ Allbery wrote: Bernhard R. Link brl...@debian.org writes: Could you please stop using that word idiosyncratic. I believe idiosyncratic is exactly the correct term: idiosyncratic adj 1: peculiar to the individual; we all have our own idiosyncratic gestures;

Re: GnuTLS in Debian

2014-01-01 Thread Russ Allbery
Thomas Hochstein t...@inter.net writes: Russ Allbery wrote: Bernhard R. Link brl...@debian.org writes: Could you please stop using that word idiosyncratic. I believe idiosyncratic is exactly the correct term: idiosyncratic adj 1: peculiar to the individual; we all have our own

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Clint Adams
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: Apart from the termination clause, the GPLv2 is far more concise, I don't see tivoization as a problem (it's the software I want to protect, not anyone's combination of it with hardware), nor do I care about compatibility with

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Matt Zagrabelny
On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams cl...@debian.org wrote: On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: Apart from the termination clause, the GPLv2 is far more concise, I don't see tivoization as a problem (it's the software I want to protect, not anyone's

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread cameron
Matt, Yes, it is possible, but only the contributions of the fork would be GPLv3 only, the original GPLv2+ code would still be just that. Nevertheless, the final product would be GPLv3 only. Cameron Norman On Tue, Dec 31, 2013 at 6:59 AM, Matt Zagrabelny mzagr...@d.umn.edu wrote: On Tue,

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-31 Thread Kurt Roeckx
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote: On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams cl...@debian.org wrote: On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote: Apart from the termination clause, the GPLv2 is far more concise, I don't see tivoization as

Re: GnuTLS in Debian

2013-12-30 Thread Florian Weimer
* Bastien ROUCARIES: Fedora created an open SSL compat library based on libnss. It doesn't work all that well because there is no way to implement host name checking. The OpenSSL API it's based on did not have an interface for host name verification, and the compatibility library does not

Re: GnuTLS in Debian

2013-12-30 Thread Jonathan Nieder
Thomas Goirand wrote: Most upstream authors who care about licensing, do not agree with Debian's view about GPL and OpenSSL incompatibility, and this is what counts. Is that true? When does it even come up? What do this majority of upstream

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Jonathan Nieder jrnie...@gmail.com writes: Is that true? When does it even come up? What do this majority of upstream authors take the meaning and purpose of the phrase unless that component itself accompanies the executable. in the GPLv2 to be? Most upstream authors that I've

Re: GnuTLS in Debian

2013-12-30 Thread Ansgar Burchardt
Hi, Russ Allbery r...@debian.org writes: Most upstream authors that I've spoken with don't believe that licensing crosses the shared library ABI boundary, that the shared OpenSSL library and the GPLv2 program that calls it remain separate works, and therefore there is no need for OpenSSL to

Re: GnuTLS in Debian

2013-12-30 Thread Vincent Lefevre
On 2013-12-30 10:57:32 -0800, Russ Allbery wrote: Most upstream authors that I've spoken with don't believe that licensing crosses the shared library ABI boundary, that the shared OpenSSL library and the GPLv2 program that calls it remain separate works, and therefore there is no need for

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Vincent Lefevre vinc...@vinc17.net writes: On 2013-12-30 10:57:32 -0800, Russ Allbery wrote: Most upstream authors that I've spoken with don't believe that licensing crosses the shared library ABI boundary, that the shared OpenSSL library and the GPLv2 program that calls it remain separate

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Ansgar Burchardt ans...@debian.org writes: Russ Allbery r...@debian.org writes: Most upstream authors that I've spoken with don't believe that licensing crosses the shared library ABI boundary, that the shared OpenSSL library and the GPLv2 program that calls it remain separate works, and

Re: GnuTLS in Debian

2013-12-30 Thread Steve Langasek
On Mon, Dec 30, 2013 at 10:15:02PM +0100, Ansgar Burchardt wrote: Russ Allbery r...@debian.org writes: Most upstream authors that I've spoken with don't believe that licensing crosses the shared library ABI boundary, that the shared OpenSSL library and the GPLv2 program that calls it remain

Re: GnuTLS in Debian

2013-12-30 Thread Russ Allbery
Steve Langasek vor...@debian.org writes: The GPL requirement about dependency licensing does not rely on the legal definition of derivative works. So arguments that a GPL program that links against OpenSSL is not a derivative work of OpenSSL are missing the point. I don't believe this is

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-29 Thread Vincent Lefevre
On 2013-12-28 19:24:33 -0800, Steve Langasek wrote: Now, the companies in question may legitimately regard a GPLv2+ upstream as a source business risk, because they have no guarantee that future versions of the software won't be made available under GPLv3+ instead of GPLv2+, and if they're

Re: GnuTLS in Debian

2013-12-29 Thread Florian Weimer
* Andreas Metzler: In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only supported crypto backend. Nettle requires GMP. GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2 (released September

Re: GnuTLS in Debian

2013-12-29 Thread Thomas Goirand
On 12/28/2013 06:09 PM, Bernhard R. Link wrote: * Thomas Goirand z...@debian.org [131228 08:30]: don't think it does anymore, especially seeing that almost no upstream author cares about Debian's nit-picking on this particular issue. We're just beating ourselves for no valid reason. Almost

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-29 Thread Craig Small
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote: Nope. An organization that will not accept the GPLv3 because of the tivoization and patent clauses will not accept GPLv2 or later. The or later clause means a downstream can invoke their rights under the GPLv3 to demand

Re: GnuTLS in Debian

2013-12-28 Thread David Weinehall
On Mon, Dec 23, 2013 at 10:43:54PM +, Clint Adams wrote: [snip] GPLv2-only folks should be made to see how their antisocial behavior is harming everyone. I think this is a delightful situation for them to be in. Plenty of other licenses have an or later baked in and nobody whines about

Re: GnuTLS in Debian

2013-12-28 Thread Bernhard R. Link
* Russ Allbery r...@debian.org [131227 18:53]: Bernhard R. Link brl...@debian.org writes: * Russ Allbery r...@debian.org [131224 01:42]: On the contrary, it's Debian's insistence on following an idiosyncratic license interpretation that's creating the supposed unfairness. This is

Re: GnuTLS in Debian

2013-12-28 Thread Bernhard R. Link
* Thomas Goirand z...@debian.org [131228 08:30]: don't think it does anymore, especially seeing that almost no upstream author cares about Debian's nit-picking on this particular issue. We're just beating ourselves for no valid reason. Almost no upstream author cares about licensing at all.

Re: GnuTLS in Debian

2013-12-28 Thread Vincent Lefevre
On 2013-12-28 09:45:09 +0100, David Weinehall wrote: Relicensing libraries that have long been GPL v2 (or later) or LGPL v2.1 (or later) to (L)GPL v3 (or later) is, if anything, very antisocial, since it locks out users of GPL v2 (only) software and forces the GPL v3 interpretation onto GPL v2

GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Clint Adams
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the GPL v2 only proponents, I take affront. I choose to license what little software I release as GPL v2 only because I do not consider the GPL v3 to have what attracted me to use the GPL v2 in the first place. The

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the GPL v2 only proponents, I take affront. I choose to license what little software I release as GPL v2 only because I do not consider the GPL v3 to have what attracted me to

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the GPL v2 only proponents, I take affront. I choose to license what little software I release as GPL v2

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the GPL v2 only proponents, I take affront. I choose to license

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Виталий Филиппов
On Sun, 29 Dec 2013 02:59:35 +0400, Stephen M. Webb stephen.w...@bregmasoft.ca wrote: On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Simon McVittie
On 28/12/13 22:59, Stephen M. Webb wrote: On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: There are organizations who will allow v2 but not v3 because of the tivoization and patent clauses. A developer may want his work to be used by

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Kurt Roeckx
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote: On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: On 12/28/2013 03:53 PM, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Stephen M. Webb
On 12/28/2013 07:51 PM, Kurt Roeckx wrote: The or later means or later and just that. It doesn't mean a downstream can say they received it under the later version. And the upstream can't claim that either. The or later means my clients' lawyers state unequivocally that they will not

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Vincent Lefevre
On 2013-12-28 17:59:35 -0500, Stephen M. Webb wrote: On 12/28/2013 04:15 PM, Kurt Roeckx wrote: On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote: There are organizations who will allow v2 but not v3 because of the tivoization and patent clauses. A developer may want his work

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread David Weinehall
On Sat, Dec 28, 2013 at 08:53:56PM +, Clint Adams wrote: On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote: As one of the GPL v2 only proponents, I take affront. I choose to license what little software I release as GPL v2 only because I do not consider the GPL v3 to have

Re: GPLv2-only considered harmful [was Re: GnuTLS in Debian]

2013-12-28 Thread Steve Langasek
On Sat, Dec 28, 2013 at 08:38:09PM -0500, Stephen M. Webb wrote: On 12/28/2013 07:51 PM, Kurt Roeckx wrote: The or later means or later and just that. It doesn't mean a downstream can say they received it under the later version. And the upstream can't claim that either. The or later

Re: GnuTLS in Debian

2013-12-28 Thread Marco d'Itri
On Dec 28, Bernhard R. Link brl...@debian.org wrote: Almost no upstream author cares about licensing at all. The majority of Great, no ethical issues to be concerned with then. Debian is no corporation that can just willy-nilly copy stuff around without caring for the law and hoping no one

Re: GnuTLS in Debian

2013-12-27 Thread Thorsten Glaser
Steve Langasek wrote: of GPLv3, and explicitly did not. In fact, the system library exception is now defined even more narrowly than for GPLv2, so that it now covers only language runtime libraries. I think this was a poor choice on the FSF's Is it really? | A Standard Interface means an

Re: GnuTLS in Debian

2013-12-27 Thread Bernhard R. Link
* Russ Allbery r...@debian.org [131224 01:42]: On the contrary, it's Debian's insistence on following an idiosyncratic license interpretation that's creating the supposed unfairness. This is obviously not Red Hat's fault. Could you please stop using that word idiosyncratic. How about using

Re: GnuTLS in Debian

2013-12-27 Thread Russ Allbery
Bernhard R. Link brl...@debian.org writes: * Russ Allbery r...@debian.org [131224 01:42]: On the contrary, it's Debian's insistence on following an idiosyncratic license interpretation that's creating the supposed unfairness. This is obviously not Red Hat's fault. Could you please stop

Re: GnuTLS in Debian

2013-12-27 Thread Kurt Roeckx
On Fri, Dec 27, 2013 at 02:38:50PM +, Thorsten Glaser wrote: Steve Langasek wrote: of GPLv3, and explicitly did not. In fact, the system library exception is now defined even more narrowly than for GPLv2, so that it now covers only language runtime libraries. I think this was a poor

Re: GnuTLS in Debian

2013-12-27 Thread Thomas Goirand
On 12/25/2013 12:38 AM, Clint Byrum wrote: Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800: On 12/24/2013 12:04 AM, Marco d'Itri wrote: This is self-inflicted damage, and I think it's slightly arrogant to pretend that Debian is the only organization which cares about

Re: GnuTLS in Debian

2013-12-26 Thread Alessandro Ghedini
On mer, dic 25, 2013 at 01:36:13 -0800, Jonathan Nieder wrote: Russ Allbery wrote: Has anyone asked the Git maintainers whether they object to their software being linked with a libcurl that uses OpenSSL? I am not the author of the most of Git. As a minority author: - libcurl

Re: GnuTLS in Debian

2013-12-25 Thread Felipe Sateler
On Mon, 23 Dec 2013 23:36:34 -0800, Steve Langasek wrote: I, too, believe that we could use the reality check. We already did so with our patent policy and solved long-standing problems for our users. Well, I'm not sure what problems that patent policy actually solved for our users. As

Re: GnuTLS in Debian

2013-12-25 Thread Jonathan Nieder
Russ Allbery wrote: Has anyone asked the Git maintainers whether they object to their software being linked with a libcurl that uses OpenSSL? I am not the author of the most of Git. As a minority author: - libcurl provides a quite similar API with OpenSSL as with GnuTLS. I wish it

Re: GnuTLS in Debian

2013-12-24 Thread Carlos Alberto Lopez Perez
On 23/12/13 02:16, Shawn Wilson wrote: My gut reaction was that #5 or #6 are the best option (leaning to #6). However I guess I don't understand what making something a system library effects the license? Andreas Metzler ametz...@debian.org wrote: #5 Declare GMP to be a system library.

Re: GnuTLS in Debian

2013-12-24 Thread Clint Byrum
Excerpts from Russ Allbery's message of 2013-12-23 16:42:29 -0800: Clint Byrum spam...@debian.org writes: Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: Clint Byrum spam...@debian.org writes: An author is not the only party to text. There are also those who have

Re: GnuTLS in Debian

2013-12-24 Thread Clint Byrum
Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800: On 12/24/2013 12:04 AM, Marco d'Itri wrote: This is self-inflicted damage, and I think it's slightly arrogant to pretend that Debian is the only organization which cares about ethics. For once, I agree with you Marco.

Re: GnuTLS in Debian

2013-12-24 Thread Steve Langasek
On Tue, Dec 24, 2013 at 12:02:31PM +0100, Carlos Alberto Lopez Perez wrote: About the system library exception, this is what the GPL FAQ tells: Q: Can I link a GPL program with a proprietary system library? A: Both versions of the GPL have an exception to their copyleft, commonly called the

Re: GnuTLS in Debian

2013-12-23 Thread Bastien ROUCARIES
On Sun, Dec 22, 2013 at 9:59 PM, Ben Hutchings b...@decadent.org.uk wrote: On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote: On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: How to continue from here/solve this: - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for

Re: GnuTLS in Debian

2013-12-23 Thread Marco d'Itri
On Dec 23, Steve Langasek vor...@debian.org wrote: Red Hat only needs to meet the standard that they don't think there's risk to the company of being sued for a license violation. Debian holds itself to a higher, ethical standard of complying with the license even when the risks are small. I

Re: GnuTLS in Debian

2013-12-23 Thread Clint Byrum
Excerpts from md's message of 2013-12-23 08:04:57 -0800: On Dec 23, Steve Langasek vor...@debian.org wrote: Red Hat only needs to meet the standard that they don't think there's risk to the company of being sued for a license violation. Debian holds itself to a higher, ethical standard

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Byrum spam...@debian.org writes: An author is not the only party to text. There are also those who have received this license, and adhered to it for the sake of the author and the copyright holders who have also adhered to it. So, it is rather disrespectful and could cause harm to

Re: GnuTLS in Debian

2013-12-23 Thread Stephan Seitz
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: but I think we should ask a real lawyer and not rely on careful parsing Yes, this is true, but I’m wondering how many lawyers you mean to ask? Is one enough? After all this is a difficult question, and you will only get the final

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Stephan Seitz stse+deb...@fsing.rootsland.net writes: Yes, this is true, but I’m wondering how many lawyers you mean to ask? Is one enough? After all this is a difficult question, and you will only get the final answer from a judge in the end. The realistic probability of a lawsuit here is

Re: GnuTLS in Debian

2013-12-23 Thread Clint Adams
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: There is no way to change the OpenSSL license. The project doesn't use copyright assignment and the number of contributors is far too large to be able to track them all down and get their permission. I do not believe that either of

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 08:04:32PM +, Clint Adams wrote: On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: There is no way to change the OpenSSL license. The project doesn't use copyright assignment and the number of contributors is far too large to be able to track them

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Steve Langasek vor...@debian.org writes: I think you've managed to invert my point here, actually, which was that when someone licenses their work under *the GPL*, we should respect their wishes - even though it would make our lives a lot easier to be able to ship binaries linked against

Re: GnuTLS in Debian

2013-12-23 Thread Dimitri John Ledkov
On 23 December 2013 20:04, Clint Adams cl...@debian.org wrote: On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote: There is no way to change the OpenSSL license. The project doesn't use copyright assignment and the number of contributors is far too large to be able to track them all

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Adams cl...@debian.org writes: If I recall correctly, similar things were said about freeing Moria and Angband, then it turned out that it would have been trivial to contact Robert Koeneke if anyone had actually bothered to try. That doesn't quite match my memory. People did try when

Re: GnuTLS in Debian

2013-12-23 Thread Clint Adams
On Mon, Dec 23, 2013 at 12:24:11PM -0800, Steve Langasek wrote: Which crypto library has a non-awful API? Many of the native Haskell crypto libraries do. I am aware that that is a somewhat unhelpful answer. I think you've managed to invert my point here, actually, which was that when someone

Re: GnuTLS in Debian

2013-12-23 Thread Simon Josefsson
will need keep another old library version around. (I doubt that GnuTLS upstream will port GnuTLS 2.12.x to newer gcrypt.) How to continue from here/solve this: - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. #2 Fork GnuTLS 2 for Debian. #3 Hope that GMP is relicensed to GPL2

Re: GnuTLS in Debian

2013-12-23 Thread Clint Byrum
Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: Clint Byrum spam...@debian.org writes: An author is not the only party to text. There are also those who have received this license, and adhered to it for the sake of the author and the copyright holders who have also

Re: GnuTLS in Debian

2013-12-23 Thread Russ Allbery
Clint Byrum spam...@debian.org writes: Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800: Clint Byrum spam...@debian.org writes: An author is not the only party to text. There are also those who have received this license, and adhered to it for the sake of the author and the

Re: GnuTLS in Debian

2013-12-23 Thread Carlos Alberto Lopez Perez
On 22/12/13 21:59, Ben Hutchings wrote: #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. This seems like the best idea, as it lets us use newer versions of GnuTLS that support elliptic curves with the minimum amount of pain. I think this would be a good idea if GnuTLS doesn't depend on

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 12:50:36PM -0800, Russ Allbery wrote: Steve Langasek vor...@debian.org writes: I think you've managed to invert my point here, actually, which was that when someone licenses their work under *the GPL*, we should respect their wishes - even though it would make our

Re: GnuTLS in Debian

2013-12-23 Thread Thomas Goirand
On 12/24/2013 12:04 AM, Marco d'Itri wrote: This is self-inflicted damage, and I think it's slightly arrogant to pretend that Debian is the only organization which cares about ethics. For once, I agree with you Marco. On 12/24/2013 01:22 AM, Clint Byrum wrote: If it were to reverse position,

Re: GnuTLS in Debian

2013-12-23 Thread Steve Langasek
On Mon, Dec 23, 2013 at 08:40:54AM +0200, Faidon Liambotis wrote: On 12/23/13 02:15, Steve Langasek wrote: I think a better way to put Marco's argument would be: [h]acker legal education, with its roots in programming, is strong on formal precision and textual exegesis. But it is notably light

GnuTLS in Debian

2013-12-22 Thread Andreas Metzler
will need keep another old library version around. (I doubt that GnuTLS upstream will port GnuTLS 2.12.x to newer gcrypt.) How to continue from here/solve this: - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. #2 Fork GnuTLS 2 for Debian. #3 Hope that GMP is relicensed to GPL2+/LGPLv3+ #4

Re: GnuTLS in Debian

2013-12-22 Thread brian m. carlson
of pain. #2 Fork GnuTLS 2 for Debian. #3 Hope that GMP is relicensed to GPL2+/LGPLv3+ #4 Hope nettle switches to a different arbitrary precision arithmetic library. #5 Declare GMP to be a system library. I don't think this is actually feasible, due to the way the GPLv2 is actually written

Re: GnuTLS in Debian

2013-12-22 Thread Moritz Mühlenhoff
Andreas Metzler ametz...@debian.org wrote: #5 Declare GMP to be a system library. (..) #5 was how Fedora looked at the OpenSSL library issue. Since Debian has another viewpoint on OpenSSL I somehow doubt we would use it for GMP. We should do that (and also reevaluate the position wrt

Re: GnuTLS in Debian

2013-12-22 Thread Russ Allbery
Moritz Mühlenhoff j...@inutil.org writes: Andreas Metzler ametz...@debian.org wrote: #5 Declare GMP to be a system library. (..) #5 was how Fedora looked at the OpenSSL library issue. Since Debian has another viewpoint on OpenSSL I somehow doubt we would use it for GMP. We should do

Re: GnuTLS in Debian

2013-12-22 Thread Ben Hutchings
On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote: On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: How to continue from here/solve this: - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. This seems like the best idea, as it lets us use newer versions of

Re: GnuTLS in Debian

2013-12-22 Thread Bastien ROUCARIES
On 22 Dec 2013 22:00, Ben Hutchings b...@decadent.org.uk wrote: On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote: On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: How to continue from here/solve this: - #1 Fork LGPLv2.1+ GMP (version 4.2.1) for

Re: GnuTLS in Debian

2013-12-22 Thread Marco d'Itri
On Dec 22, Moritz Mühlenhoff j...@inutil.org wrote: We should do that (and also reevaluate the position wrt OpenSSL) by running it by the Software Freedom Law Center. Red Hat has real lawyers who looked into the issue, we should do the same. Agreed, Debian has been promoting bad decisions
