Florian Weimer schrieb:
> Would it be possible to get real legal advice on this matter, with the
> concrete goal to find a usable process to leverage the system library
> exception in the GPLv2?
We should have done that a decade ago...
The SFLC can probably help, but an
GMP (version 4.2.1) for Debian.
>
> #2 Fork GnuTLS 2 for Debian.
>
> #3 Hope that GMP is relicensed to GPL2+/LGPLv3+
(this is what eventually happened.
> #4 Hop nettle switches to a different arbitrary precision arithmetic
> library.
>
> #5 Declare GMP to be a syste
Carlos Alberto Lopez Perez clo...@igalia.com wrote:
On 28/01/14 16:53, Andreas Metzler wrote:
There seems to be some good news:
https://gmplib.org/repo/gmp/rev/02634effbd4e
| Update library files license to use LGPL3+ and GPL2+.
Do you know what motivated the change?
Was because of the
using GnuTLS 2.x.
[...]
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
#2 Fork GnuTLS 2 for Debian.
#3 Hope that GMP is relicensed to GPL2+/LGPLv3+
#4 Hope nettle switches to a different arbitrary precision arithmetic
library.
#5 Declare GMP to be a system library.
#6 Move
On 28/01/14 16:53, Andreas Metzler wrote:
There seems to be some good news:
https://gmplib.org/repo/gmp/rev/02634effbd4e
| Update library files license to use LGPL3+ and GPL2+.
Do you know what motivated the change?
Was because of the license issue in Debian?
signature.asc
Description:
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
Hello,
Debian ist still relying heavily on GnuTLS 2.12.x, and I do not think
this is sustainable for much longer.
State of Play:
-
In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
supported
Kurt Roeckx k...@roeckx.be wrote:
[gnutls28 debian copyright file]
It seems to me that the copyright file contradicts itself,
and that not only GMP is under LGPLv3+
Thank you for pointing this out, it is a piece if outdated information.
I will fix the Debian copyright file to reflect
On 11/01/14 17:37, Игорь Пашев wrote:
Do I understand correctly the following:
Application M under the MIT license linked to LGPL3 library L - ok
Application C under the CDDL license linked to LGPL3 library L - ok
Application G under the GPL3 license linked to LGPL3 library L - ok,
all
Hi all,
this GnuTLS in Debian thread triggered my switch of the src:cups
package from linking against GnuTLS to now link against OpenSSL. CUPS is
GPL-2 only with an OpenSSL exception.
Today, Andreas rightly pointed to me that this induces a problem (for
Debian) for all GPL-without-OpenSSL
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote:
Hi all,
this GnuTLS in Debian thread triggered my switch of the src:cups
package from linking against GnuTLS to now link against OpenSSL. CUPS is
GPL-2 only with an OpenSSL exception.
Today, Andreas rightly pointed to me
Do I understand correctly the following:
Application M under the MIT license linked to LGPL3 library L - ok
Application C under the CDDL license linked to LGPL3 library L - ok
Application G under the GPL3 license linked to LGPL3 library L - ok,
all under GPL3
Bang!
Application M is now under
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote:
Hi all,
this GnuTLS in Debian thread triggered my switch of the src:cups
package from linking against GnuTLS to now link against OpenSSL. CUPS is
GPL-2 only with an OpenSSL exception.
Now, as far as I understood the thread
On Sat, 2014-01-11 at 21:37 +0400, Игорь Пашев wrote:
Do I understand correctly the following:
Application M under the MIT license linked to LGPL3 library L - ok
Application C under the CDDL license linked to LGPL3 library L - ok
Application G under the GPL3 license linked to LGPL3 library L
On Sat, Jan 11, 2014 at 05:24:16PM +, Ben Hutchings wrote:
On Sat, 2014-01-11 at 17:55 +0100, Didier 'OdyX' Raboud wrote:
Hi all,
this GnuTLS in Debian thread triggered my switch of the src:cups
package from linking against GnuTLS to now link against OpenSSL. CUPS is
GPL-2 only
On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote:
On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote:
That's also why I *don't* use BSD-style licenses for software that
I write, but rather GPLv2 or LGPLv2.1.
So if someone takes your LGPLv2.1-only software and adds
On 6 January 2014 15:07, David Weinehall t...@debian.org wrote:
On Sat, Jan 04, 2014 at 03:13:01AM +, Clint Adams wrote:
On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote:
That's also why I *don't* use BSD-style licenses for software that
I write, but rather GPLv2 or
Hi Dimitri,
On Mon, 6 Jan 2014 15:22:09 +, Dimitri John Ledkov x...@debian.org
wrote:
But GPL text does confuse me as a whole, no modifications nor derivate
works of the GPL license text are allowed, and the original text has
and later clause - is licensing without and later constitues
Op 05-01-14 15:57, Clint Adams schreef:
On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote:
This goes for GPLvX or later, but also for other or later licenses,
where they exist.
I'm convinced that the GPLv2 is a free license, but I'm so far undecided
on the GPLv3 (mainly because
On Sat, Jan 04, 2014 at 05:07:29PM +0100, Wouter Verhelst wrote:
This goes for GPLvX or later, but also for other or later licenses,
where they exist.
I'm convinced that the GPLv2 is a free license, but I'm so far undecided
on the GPLv3 (mainly because I've not read the license text in much
Hi there!
On Sat, 04 Jan 2014 04:29:02 +0100, Paul Tagliamonte wrote:
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote:
So your doomsday scenario is that if you license something
GPLv2+, someone might fork and modify it to be GPLv3+,
I was under the impression that forks
Op 23-12-13 23:43, Clint Adams schreef:
GPLv2-only folks should be made to see how their antisocial
behavior is harming everyone. I think this is a delightful
situation for them to be in.
I am not a member of the church of GNU, nor do I wish to be. I respect
Richard Stallman (and his band of
Moritz Mühlenhoff j...@inutil.org wrote:
Andreas Metzler ametz...@debian.org schrieb:
#5 Declare GMP to be a system library.
(..)
#5 was how Fedora looked at the OpenSSL library issue. Since Debian
has another viewpoint on OpenSSL I somehow doubt we would use it for
GMP.
We should do that
]] Russ Allbery
Wildly off-topic, but hey. :-)
Yeah, I saw that also in Bernhard's reply. That confusion had honestly
never occurred to me before since, despite the visual similarities, the
words are completely unrelated in English. The etymologies are disjoint:
idiot comes from French
On Wed, Jan 01, 2014 at 10:58:32AM +0100, David Weinehall wrote:
That's also why I *don't* use BSD-style licenses for software that
I write, but rather GPLv2 or LGPLv2.1.
So if someone takes your LGPLv2.1-only software and adds GPLv2-only
code to it, do you feel similarly betrayed because you
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote:
So your doomsday scenario is that if you license something
GPLv2+, someone might fork and modify it to be GPLv3+,
I was under the impression that forks couldn't change licenses. Is the
scenario which Clint describes (legally)
On Tue, Dec 31, 2013 at 02:54:50PM +, Clint Adams wrote:
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote:
Apart from the termination clause, the GPLv2 is far more concise,
I don't see tivoization as a problem (it's the software I want to
protect, not anyone's combination
Le 30 déc. 2013 10:06, Florian Weimer f...@deneb.enyo.de a écrit :
* Bastien ROUCARIES:
Fedora created a open SSL compat library based on libnss.
It doesn't work all that well because there is no way to implement
host name checking. The OpenSSL API it's based on did not have an
interface
Russ Allbery schrieb:
Bernhard R. Link brl...@debian.org writes:
Could you please stop using that word idiosyncratic.
I believe idiosyncratic is exactly the correct term:
idiosyncratic
adj 1: peculiar to the individual; we all have our own
idiosyncratic gestures;
Thomas Hochstein t...@inter.net writes:
Russ Allbery schrieb:
Bernhard R. Link brl...@debian.org writes:
Could you please stop using that word idiosyncratic.
I believe idiosyncratic is exactly the correct term:
idiosyncratic
adj 1: peculiar to the individual; we all have our own
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote:
Apart from the termination clause, the GPLv2 is far more concise,
I don't see tivoization as a problem (it's the software I want to
protect, not anyone's combination of it with hardware), nor do I care
about compatibility with
On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams cl...@debian.org wrote:
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote:
Apart from the termination clause, the GPLv2 is far more concise,
I don't see tivoization as a problem (it's the software I want to
protect, not anyone's
Matt,
Yes, it is possible, but only the contributions of the fork would be
GPLv3 only, the original GPLv2+ code would still be just that.
Nevertheless, the final product would be GPLv3 only.
Cameron Norman
On Tue, Dec 31, 2013 at 6:59 AM, Matt Zagrabelny mzagr...@d.umn.edu
wrote:
On Tue,
On Tue, Dec 31, 2013 at 08:59:53AM -0600, Matt Zagrabelny wrote:
On Tue, Dec 31, 2013 at 8:54 AM, Clint Adams cl...@debian.org wrote:
On Sun, Dec 29, 2013 at 03:50:06AM +0100, David Weinehall wrote:
Apart from the termination clause, the GPLv2 is far more concise,
I don't see tivoization as
* Bastien ROUCARIES:
Fedora created a open SSL compat library based on libnss.
It doesn't work all that well because there is no way to implement
host name checking. The OpenSSL API it's based on did not have an
interface for host name verification, and the compatibility library
does not
Thomas Goirand wrote:
Most upstream authors who
cares about licensing, do not agree with Debian's view about GPL and
OpenSSL incompatibility, and this is what counts.
Is that true? When does it even come up? What do this majority of
upstream
Jonathan Nieder jrnie...@gmail.com writes:
Is that true? When does it even come up? What do this majority of
upstream authors take the meaning and purpose of the phrase
unless that component itself accompanies the executable.
in the GPLv2 to be?
Most upstream authors that I've
Hi,
Russ Allbery r...@debian.org writes:
Most upstream authors that I've spoken with don't believe that licensing
crosses the shared library ABI boundary, that the shared OpenSSL library
and the GPLv2 program that calls it remain separate works, and therefore
there is no need for OpenSSL to
On 2013-12-30 10:57:32 -0800, Russ Allbery wrote:
Most upstream authors that I've spoken with don't believe that licensing
crosses the shared library ABI boundary, that the shared OpenSSL library
and the GPLv2 program that calls it remain separate works, and therefore
there is no need for
Vincent Lefevre vinc...@vinc17.net writes:
On 2013-12-30 10:57:32 -0800, Russ Allbery wrote:
Most upstream authors that I've spoken with don't believe that
licensing crosses the shared library ABI boundary, that the shared
OpenSSL library and the GPLv2 program that calls it remain separate
Ansgar Burchardt ans...@debian.org writes:
Russ Allbery r...@debian.org writes:
Most upstream authors that I've spoken with don't believe that
licensing crosses the shared library ABI boundary, that the shared
OpenSSL library and the GPLv2 program that calls it remain separate
works, and
On Mon, Dec 30, 2013 at 10:15:02PM +0100, Ansgar Burchardt wrote:
Russ Allbery r...@debian.org writes:
Most upstream authors that I've spoken with don't believe that licensing
crosses the shared library ABI boundary, that the shared OpenSSL library
and the GPLv2 program that calls it remain
Steve Langasek vor...@debian.org writes:
The GPL requirement about dependency licensing does not rely on the
legal definition of derivative works. So arguments that a GPL program
that links against OpenSSL is not a derivative work of OpenSSL are
missing the point.
I don't believe this is
On 2013-12-28 19:24:33 -0800, Steve Langasek wrote:
Now, the companies in question may legitimately regard a GPLv2+
upstream as a source business risk, because they have no guarantee
that future versions of the software won't be made available under
GPLv3+ instead of GPLv2+, and if they're
* Andreas Metzler:
In July 2011 with version 3.0 [1] GnuTLS switched to Nettle as only
supported crypto backend. Nettle requires GMP.
GnuTLS and Nettle are available under LGPLv2.1+. GMP used to be
licensed LGPLv2.1+ ages ago but upgraded to LGPLv3+ in version 4.2.2
(released September
On 12/28/2013 06:09 PM, Bernhard R. Link wrote:
* Thomas Goirand z...@debian.org [131228 08:30]:
don't think it does anymore, especially seeing that almost no upstream
author cares about Debian's nit-picking on this particular issue. We're
just beating ourselves for no valid reason.
Almost
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote:
Nope. An organization that will not accept the GPLv3 because of the
tivoization and patent clauses will not accept
GPLv2 or later. The or later clause means a downstream can invoke their
rights under the GPLv3 to demand
On Mon, Dec 23, 2013 at 10:43:54PM +, Clint Adams wrote:
[snip]
GPLv2-only folks should be made to see how their antisocial
behavior is harming everyone. I think this is a delightful
situation for them to be in.
Plenty of other licenses have an or later baked in and nobody
whines about
* Russ Allbery r...@debian.org [131227 18:53]:
Bernhard R. Link brl...@debian.org writes:
* Russ Allbery r...@debian.org [131224 01:42]:
On the contrary, it's Debian's insistence on following an idiosyncratic
license interpretation that's creating the supposed unfairness. This
is
* Thomas Goirand z...@debian.org [131228 08:30]:
don't think it does anymore, especially seeing that almost no upstream
author cares about Debian's nit-picking on this particular issue. We're
just beating ourselves for no valid reason.
Almost no upstream author cares about licensing at all.
On 2013-12-28 09:45:09 +0100, David Weinehall wrote:
Relicensing libraries that have long been GPL v2 (or later) or LGPL v2.1
(or later) to (L)GPL v3 (or later) is, if anything, very antisocial,
since it locks out users of GPL v2 (only) software and forces the GPL v3
interpretation onto GPL v2
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one of the GPL v2 only proponents, I take affront. I choose to
license what little software I release as GPL v2 only because I do not
consider the GPL v3 to have what attracted me to use the GPL v2 in the
first place.
The
On 12/28/2013 03:53 PM, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one of the GPL v2 only proponents, I take affront. I choose to
license what little software I release as GPL v2 only because I do not
consider the GPL v3 to have what attracted me to
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
On 12/28/2013 03:53 PM, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one of the GPL v2 only proponents, I take affront. I choose to
license what little software I release as GPL v2
On 12/28/2013 04:15 PM, Kurt Roeckx wrote:
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
On 12/28/2013 03:53 PM, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one of the GPL v2 only proponents, I take affront. I choose to
license
On Sun, 29 Dec 2013 02:59:35 +0400, Stephen M. Webb
stephen.w...@bregmasoft.ca wrote:
On 12/28/2013 04:15 PM, Kurt Roeckx wrote:
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
On 12/28/2013 03:53 PM, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David
On 28/12/13 22:59, Stephen M. Webb wrote:
On 12/28/2013 04:15 PM, Kurt Roeckx wrote:
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
There are organization who will allow v2 but not v3 because of the
tivoizaton and patent clauses. A developer may want
his work to be used by
On Sat, Dec 28, 2013 at 05:59:35PM -0500, Stephen M. Webb wrote:
On 12/28/2013 04:15 PM, Kurt Roeckx wrote:
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
On 12/28/2013 03:53 PM, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one
On 12/28/2013 07:51 PM, Kurt Roeckx wrote:
The or later means or later and just that. It doesn't mean
a downstream can say they received it under the later version.
And the upstream can't claim that either.
The or later means my clients' lawyers state unequivocally that they will not
On 2013-12-28 17:59:35 -0500, Stephen M. Webb wrote:
On 12/28/2013 04:15 PM, Kurt Roeckx wrote:
On Sat, Dec 28, 2013 at 04:11:18PM -0500, Stephen M. Webb wrote:
There are organization who will allow v2 but not v3 because of
the tivoizaton and patent clauses. A developer may want his work
On Sat, Dec 28, 2013 at 08:53:56PM +, Clint Adams wrote:
On Sat, Dec 28, 2013 at 09:45:09AM +0100, David Weinehall wrote:
As one of the GPL v2 only proponents, I take affront. I choose to
license what little software I release as GPL v2 only because I do not
consider the GPL v3 to have
On Sat, Dec 28, 2013 at 08:38:09PM -0500, Stephen M. Webb wrote:
On 12/28/2013 07:51 PM, Kurt Roeckx wrote:
The or later means or later and just that. It doesn't mean
a downstream can say they received it under the later version.
And the upstream can't claim that either.
The or later
On Dec 28, Bernhard R. Link brl...@debian.org wrote:
Almost no upstream author cares about licensing at all. The mayority of
Great, no ethical issues to be concerned with then.
Debian is no corporation that can just willy-nilly copy stuff around
without caring for the law and hoping noone
Steve Langasek dixit:
of GPLv3, and explicitly did not. In fact, the system library exception is
now defined even more narrowly than for GPLv2, so that it now covers only
language runtime libraries. I think this was a poor choice on the FSF's
Is it really?
| A Standard Interface means an
* Russ Allbery r...@debian.org [131224 01:42]:
On the contrary, it's Debian's insistence on following an idiosyncratic
license interpretation that's creating the supposed unfairness. This is
obviously not Red Hat's fault.
Could you please stop using that word idiosyncratic. How about
using
Bernhard R. Link brl...@debian.org writes:
* Russ Allbery r...@debian.org [131224 01:42]:
On the contrary, it's Debian's insistence on following an idiosyncratic
license interpretation that's creating the supposed unfairness. This
is obviously not Red Hat's fault.
Could you please stop
On Fri, Dec 27, 2013 at 02:38:50PM +, Thorsten Glaser wrote:
Steve Langasek dixit:
of GPLv3, and explicitly did not. In fact, the system library exception is
now defined even more narrowly than for GPLv2, so that it now covers only
language runtime libraries. I think this was a poor
On 12/25/2013 12:38 AM, Clint Byrum wrote:
Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800:
On 12/24/2013 12:04 AM, Marco d'Itri wrote:
This is self-inflicted damage, and I think it's slightly arrogant to
pretend that Debian is the only organization which cares about
On mer, dic 25, 2013 at 01:36:13 -0800, Jonathan Nieder wrote:
Russ Allbery wrote:
Has anyone asked the Git maintainers whether they object to their software
being linked with a libcurl that uses OpenSSL?
I am not the author of the most of Git. As a minority author:
- libcurl
On Mon, 23 Dec 2013 23:36:34 -0800, Steve Langasek wrote:
I, too, believe that we could use the reality check. We already did so
with our patent policy and solved long-standing problems for our users.
Well, I'm not sure what problems that patent policy actually solved for
our users. As
Russ Allbery wrote:
Has anyone asked the Git maintainers whether they object to their software
being linked with a libcurl that uses OpenSSL?
I am not the author of the most of Git. As a minority author:
- libcurl provides a quite similar API with OpenSSL as with GnuTLS.
I wish it
On 23/12/13 02:16, Shawn Wilson wrote:
My gut reaction was that #5 or #6 are the best option (leaning to #6).
However I guess I don't understand what making something a system library
effects the license?
Andreas Metzler ametz...@debian.org wrote:
#5 Declare GMP to be a system library.
Excerpts from Russ Allbery's message of 2013-12-23 16:42:29 -0800:
Clint Byrum spam...@debian.org writes:
Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800:
Clint Byrum spam...@debian.org writes:
An author is not the only party to text. There are also those who have
Excerpts from Thomas Goirand's message of 2013-12-23 23:38:15 -0800:
On 12/24/2013 12:04 AM, Marco d'Itri wrote:
This is self-inflicted damage, and I think it's slightly arrogant to
pretend that Debian is the only organization which cares about ethics.
For once, I agree with you Marco.
On Tue, Dec 24, 2013 at 12:02:31PM +0100, Carlos Alberto Lopez Perez wrote:
About the system library exception, this is what the GPL FAQ tells:
Q: Can I link a GPL program with a proprietary system library?
A: Both versions of the GPL have an exception to their copyleft,
commonly called the
On Sun, Dec 22, 2013 at 9:59 PM, Ben Hutchings b...@decadent.org.uk wrote:
On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote:
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
How to continue from here/solve this:
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for
On Dec 23, Steve Langasek vor...@debian.org wrote:
Red Hat only needs to meet the standard that they don't think there's risk
to the company of being sued for a license violation. Debian holds itself
to a higher, ethical standard of complying with the license even when the
risks are small.
I
Excerpts from md's message of 2013-12-23 08:04:57 -0800:
On Dec 23, Steve Langasek vor...@debian.org wrote:
Red Hat only needs to meet the standard that they don't think there's risk
to the company of being sued for a license violation. Debian holds itself
to a higher, ethical standard
Clint Byrum spam...@debian.org writes:
An author is not the only party to text. There are also those who have
received this license, and adhered to it for the sake of the author and
the copyright holders who have also adhered to it.
So, it is rather disrespectful and could cause harm to
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote:
but I think we should ask a real lawyer and not rely on careful parsing
Yes, this is true, but I’m wondering how many lawyer you mean to ask? Is
one enough? After all this is a difficult question, and you will only get
the final
Stephan Seitz stse+deb...@fsing.rootsland.net writes:
Yes, this is true, but I’m wondering how many lawyer you mean to ask? Is
one enough? After all this is a difficult question, and you will only
get the final answer from a judge in the end.
The realistic probability of a lawsuit here is
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote:
There is no way to change the OpenSSL license. The project doesn't use
copyright assignment and the number of contributors is far too large to be
able to track them all down and get their permission.
I do not believe that either of
On Mon, Dec 23, 2013 at 08:04:32PM +, Clint Adams wrote:
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote:
There is no way to change the OpenSSL license. The project doesn't use
copyright assignment and the number of contributors is far too large to be
able to track them
Steve Langasek vor...@debian.org writes:
I think you've managed to invert my point here, actually, which was that
when someone licenses their work under *the GPL*, we should respect
their wishes - even though it would make our lives a lot easier to be
able to ship binaries linked against
On 23 December 2013 20:04, Clint Adams cl...@debian.org wrote:
On Mon, Dec 23, 2013 at 10:54:49AM -0800, Russ Allbery wrote:
There is no way to change the OpenSSL license. The project doesn't use
copyright assignment and the number of contributors is far too large to be
able to track them all
Clint Adams cl...@debian.org writes:
If I recall correctly, similar things were said about freeing Moria and
Angband, then it turned out that it would have been trivial to contact
Robert Koeneke if anyone had actually bothered to try.
That doesn't quite match my memory. People did try when
On Mon, Dec 23, 2013 at 12:24:11PM -0800, Steve Langasek wrote:
Which crypto library has a non-awful API?
Many of the native Haskell crypto libraries do. I am aware
that that is a somewhat unhelpful answer.
I think you've managed to invert my point here, actually, which was that
when someone
will need keep another old library version
around. (I doubt that GnuTLS upstream will port GnuTLS 2.12.x to
newer gcrypt.)
How to continue from here/solve this:
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
#2 Fork GnuTLS 2 for Debian.
#3 Hope that GMP is relicensed to GPL2
Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800:
Clint Byrum spam...@debian.org writes:
An author is not the only party to text. There are also those who have
received this license, and adhered to it for the sake of the author and
the copyright holders who have also
Clint Byrum spam...@debian.org writes:
Excerpts from Russ Allbery's message of 2013-12-23 10:54:49 -0800:
Clint Byrum spam...@debian.org writes:
An author is not the only party to text. There are also those who have
received this license, and adhered to it for the sake of the author
and the
On 22/12/13 21:59, Ben Hutchings wrote:
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
This seems like the best idea, as it lets us use newer versions of
GnuTLS that support elliptic curves with the minimum amount of pain.
I think this would be a good idea if GnuTLS doesn't depend on
On Mon, Dec 23, 2013 at 12:50:36PM -0800, Russ Allbery wrote:
Steve Langasek vor...@debian.org writes:
I think you've managed to invert my point here, actually, which was that
when someone licenses their work under *the GPL*, we should respect
their wishes - even though it would make our
On 12/24/2013 12:04 AM, Marco d'Itri wrote:
This is self-inflicted damage, and I think it's slightly arrogant to
pretend that Debian is the only organization which cares about ethics.
For once, I agree with you Marco.
On 12/24/2013 01:22 AM, Clint Byrum wrote:
If it were to reverse position,
On Mon, Dec 23, 2013 at 08:40:54AM +0200, Faidon Liambotis wrote:
On 12/23/13 02:15, Steve Langasek wrote:
I think a better way to put Marco's argument would be: [h]acker
legal education, with its roots in programming, is strong on formal
precision and textual exegesis. But it is notably light
will need keep another old library version
around. (I doubt that GnuTLS upstream will port GnuTLS 2.12.x to newer
gcrypt.)
How to continue from here/solve this:
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
#2 Fork GnuTLS 2 for Debian.
#3 Hope that GMP is relicensed to GPL2+/LGPLv3+
#4
of pain.
#2 Fork GnuTLS 2 for Debian.
#3 Hope that GMP is relicensed to GPL2+/LGPLv3+
#4 Hop nettle switches to a different arbitrary precision arithmetic
library.
#5 Declare GMP to be a system library.
I don't think this is actually feasible, due to the way the GPLv2 is
actually written
Andreas Metzler ametz...@debian.org schrieb:
#5 Declare GMP to be a system library.
(..)
#5 was how Fedora looked at the OpenSSL library issue. Since Debian
has another viewpoint on OpenSSL I somehow doubt we would use it for
GMP.
We should do that (and also reevaluate the position wrt
Moritz Mühlenhoff j...@inutil.org writes:
Andreas Metzler ametz...@debian.org schrieb:
#5 Declare GMP to be a system library.
(..)
#5 was how Fedora looked at the OpenSSL library issue. Since Debian
has another viewpoint on OpenSSL I somehow doubt we would use it for
GMP.
We should do
On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote:
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
How to continue from here/solve this:
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
This seems like the best idea, as it lets us use newer versions of
Le 22 déc. 2013 22:00, Ben Hutchings b...@decadent.org.uk a écrit :
On Sun, 2013-12-22 at 19:52 +, brian m. carlson wrote:
On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
How to continue from here/solve this:
-
#1 Fork LGPLv2.1+ GMP (version 4.2.1) for
On Dec 22, Moritz Mühlenhoff j...@inutil.org wrote:
We should do that (and also reevaluate the position wrt OpenSSL) by
running it by the Software Freedom Law Center.
Red Hat has real lawyers who looked into the issue, we should do the
same.
Agreed, Debian has been promoting bad decisions
1 - 100 of 105 matches
Mail list logo