------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1536 --- Comment #6 from Phil Pennock <p...@exim.org> 2014-11-04 00:21:39 --- Two clarifications following some discussion between the maintainers: (1) Exim provides an explicit interface to custom code via the "local_scan" facility, through local_scan.c; it is the explicit intent that this provides a boundary between "what is Exim" and "what is being integrated into Exim" and is an explicit API boundary. Any changes to Exim which work _solely_ through local_scan.c do not have to be provided under the GPL. Binary images of Exim built with local_scan.c modifications may be distributed without having to provide the source code for local_scan.c. While publication of those changes would obviously incur good will from the community and the maintainers, it is not explicitly required. (2) In comment #1 I wrote "A change to the Affero GPL would mean that an ISP or university could not maintain custom patches which they support themselves, while providing service to their customers/users."; this was a mis-statement. I missed the word "private". I meant "[...] could not maintain private custom patches which [...]". Anyone is welcome to maintain custom patches outside of the Exim source tree; anyone is free to distribute binaries of Exim built using custom _public_ patches. This is what Debian (and its derivatives) do, as one example. Most, but at any given time perhaps not all, of those patches might be from Exim as the upstream, back-ported for security reasons, but a classic example of out-of-tree patches would be when vendors (RedHat?) were maintaining the dynamically-loaded lookup module support, to simplify binary dependencies for package management purposes. The issue is entirely around custom patches to Exim where the source code for the patches is kept private, where the patches are _not_ solely in implementing a function for the local_scan API, and where binaries including those changes are run on systems not owned by (in a common-sense interpretation of the term "owned") the entity providing the binaries. Running a service based on Exim is what every organisation installing Exim does: they provide SMTP service connecting to/from the Internet. They might be an ISP or a University providing access to their customers/faculty/students, and they are under no obligation to provide source for changes as long as the binaries only run on their own servers. The moment that a service is providing binaries for others to invoke and run as a process on the systems belonging to those others, or engaging in obfuscation schemes to try to avoid that onus, then the GPL impacted changes need to be provided in source code form too. As Exim is not LGPL but GPLv2 (with no practical way to relicense), the GPL-impacted changes are "any modification to the source code not covered by an exemption". There are exemptions for linking purposes, to ensure that Exim can be linked with OpenSSL or any lookup type where the client library is not GPL. There is an implicit exemption for local_scan purposes, which we may need to make explicit. No other exemptions come to mind. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
