On Mon, 14 Sep 2015 20:20:21 +0200 Carles Fernandez wrote: > Dear all,
Hello Carles, > > recently, I uploaded a package for gnss-sdr > (http://mentors.debian.net/package/gnss-sdr > <http://mentors.debian.net/package/gnss-sdr>). Thanks for contributing to Debian! > The package was rejected due to a conflict between GPL v3 and the OpenSSL > license. From what I've got to know, the upstream license must include an > exception to the GPL allowing linkage against OpenSSL. > > I’m also an upstream developer of such software, so I want to implement the > required changes for package acceptance. These are the devised steps: [...] > We would like to ask if we are on the right path, and if there are any other > requirements regarding this issue that we need to address from the upstream > side. The steps seem fine to me, but I am afraid they are not enough. Any other library linked with gnss-sdr has to be compatible with OpenSSL. Hence, if gnss-sdr links with other GPL-licensed libraries lacking the OpenSSL exception, you will have to persuade their copyright holders to also add the OpenSSL exception. If I understand correctly, there are at least libuhd and libgnuradio, which are linked with gnss-sdr, are GPL-licensed without any OpenSSL exception. I guess the FSF is unlikely to be persuaded to add an OpenSSL linking exception... An alternative approach may be: drop OpenSSL entirely, and link with some GPL-compatible TLS/SSL implementation instead (such as libgnutls or libnss or anything else fit for the purpose). A third alternative strategy is: be patient, and wait for OpenSSL to switch to a saner license. It seems that some progress on this front has been (unexpectedly) made on August the 1st, 2015: https://www.openssl.org/blog/blog/2015/08/01/cla/ The announced plan is to switch to the Apache License version 2.0, which is GPLv3-compatible (although still GPLv2-incompatible...). I am not aware of any more recent news on this, though. BTW, I am not happy about the CLA part and I would be much happier, if they decided to switch to a simpler and more all-compatible license (such as the 3-clause BSD license, or the Expat license, or the zlib license), but that's another story... I hope this helps a little bit. Please take into account that what I wrote is my own personal take on the matter: I do *not* speak on behalf of the Debian Project. And it's *not* legal advice (I am *not* a lawyer). Bye. -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgp5zUxmLik1t.pgp
Description: PGP signature