Dear Francesco, thanks for your clarifications. We will opt for reimplementing our code using GnuTLS.
Best regards, Carles > El 14/9/2015, a las 23:24, Francesco Poli <invernom...@paranoici.org> > escribió: > > On Mon, 14 Sep 2015 20:20:21 +0200 Carles Fernandez wrote: > >> Dear all, > > Hello Carles, > >> >> recently, I uploaded a package for gnss-sdr >> (http://mentors.debian.net/package/gnss-sdr >> <http://mentors.debian.net/package/gnss-sdr>). > > Thanks for contributing to Debian! > >> The package was rejected due to a conflict between GPL v3 and the OpenSSL >> license. From what I've got to know, the upstream license must include an >> exception to the GPL allowing linkage against OpenSSL. >> >> I’m also an upstream developer of such software, so I want to implement the >> required changes for package acceptance. These are the devised steps: > [...] >> We would like to ask if we are on the right path, and if there are any other >> requirements regarding this issue that we need to address from the upstream >> side. > > The steps seem fine to me, but I am afraid they are not enough. > Any other library linked with gnss-sdr has to be compatible with > OpenSSL. > Hence, if gnss-sdr links with other GPL-licensed libraries lacking the > OpenSSL exception, you will have to persuade their copyright holders to > also add the OpenSSL exception. > > If I understand correctly, there are at least libuhd and libgnuradio, > which are linked with gnss-sdr, are GPL-licensed without any OpenSSL > exception. I guess the FSF is unlikely to be persuaded to add an OpenSSL > linking exception... > > > An alternative approach may be: drop OpenSSL entirely, and link with > some GPL-compatible TLS/SSL implementation instead (such as libgnutls or > libnss or anything else fit for the purpose). > > > A third alternative strategy is: be patient, and wait for OpenSSL to > switch to a saner license. It seems that some progress on this front has > been (unexpectedly) made on August the 1st, 2015: > https://www.openssl.org/blog/blog/2015/08/01/cla/ > The announced plan is to switch to the Apache License version 2.0, > which is GPLv3-compatible (although still GPLv2-incompatible...). > I am not aware of any more recent news on this, though. > BTW, I am not happy about the CLA part and I would be much happier, if > they decided to switch to a simpler and more all-compatible license > (such as the 3-clause BSD license, or the Expat license, or the zlib > license), but that's another story... > > > I hope this helps a little bit. > Please take into account that what I wrote is my own personal take on > the matter: I do *not* speak on behalf of the Debian Project. > And it's *not* legal advice (I am *not* a lawyer). > > Bye. > > -- > http://www.inventati.org/frx/ > There's not a second to spare! To the laboratory! > ..................................................... Francesco Poli . > GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE -- ------------------------------------------------------------ Dr. Carles Fernández Prades Head of the Communication Systems Division Senior Researcher Centre Tecnològic de Telecomunicacions de Catalunya (CTTC) Address: Parc Mediterrani de la Tecnologia Av. Carl Friedrich Gauss, 7 08860 Castelldefels, Barcelona, Spain. Phone: +34 936452909 Fax: +34 936452901 http://www.cttc.es/people/cfernandez/ <http://www.cttc.cat/> ------------------------------------------------------------
signature.asc
Description: Message signed with OpenPGP using GPGMail