Hi, I am building the Cherokee 0.11.1-1 packages for Debian, and I got this warning:
E: libcherokee-base0: possible-gpl-code-linked-with-openssl
N:
N: This package appears to be covered by the GNU GPL but depends on the
N: OpenSSL libssl package and does not mention a license exemption or
N: exception for OpenSSL in its copyright file. The GPL (including
N: version 3) is incompatible with some terms of the OpenSSL license, and
N: therefore Debian does not allow GPL-licensed code linked with OpenSSL
N: libraries unless there is a license exception explicitly permitting
N: this.
N:
N: If only the Debian packaging, or some other part of the package not
N: linked with OpenSSL, is covered by the GNU GPL, please add a lintian
N: override for this tag. Lintian currently has no good way of
N: distinguishing between that case and problematic packages.
N:
N: Severity: serious; Certainty: wild-guess
This is completely expectable, as Cherokee now depends on OpenSSL for
criptography. Now, in human-speak, what is the problem with this?
Basically, that the OpenSSL and the GPL licenses are not mutually
compatible [1] (basically, the OpenSSL license includes an advertising
clause, similar to the four-clause BSD license), and GPLed projects
using OpenSSL must add an exception to their licensing terms.
So, what should be done? Just add the following paragraph (or a
similar one - if you want to get some more ideas, take a look at
basically any GPL program which uses OpenSSL in Debian or its
derivatives) to the Cherokee licensing:
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
* You must obey the GNU General Public License in all respects
* for all of the code used other than OpenSSL. If you modify
* file(s) with this exception, you may extend this exception to your
* version of the file(s), but you are not obligated to do so. If you
* do not wish to do so, delete this exception statement from your
* version. If you delete this exception statement from all source
* files in the program, then also delete it here.
Just... As an extra word: I know many people view Debian as the
licensing zealots. In some sense, we are... But anyway, this is
something not only said by us. The link I sent comes from a Gnome
developer; I found other links detailing this situation at Wikipedia
[2], wget [3], and even OpenSSL itself [4].
This is a minor change, but please treat it with high priority - It
basically means Cherokee, as it is now, is not legally distributable
when compiled with SSL support.
Thanks,
[1] http://www.gnome.org/~markmc/openssl-and-the-gpl.html
[2] http://en.wikipedia.org/wiki/OpenSSL
[3] http://users.ugent.be/~bpuype/wget/
[4] http://www.openssl.org/support/faq.html#LEGAL2
--
Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
pgplzrl66MFnJ.pgp
Description: PGP signature
_______________________________________________ Cherokee mailing list [email protected] http://lists.octality.com/listinfo/cherokee
