> On Jun 20, 2015, at 6:49 PM, Alexander Hansen <alexanderk.han...@gmail.com> 
> wrote:
> 
> 
>> On Jun 20, 2015, at 15:03, Daniel Johnson <daniel.johnso...@gmail.com> wrote:
>> 
>> 
>>> On Jun 20, 2015, at 4:58 PM, Alexander Hansen <alexanderk.han...@gmail.com> 
>>> wrote:
>>> 
>>> Since the system’s OpenSSL is going away for 10.11 we’ve got a bit of a 
>>> pickle.
>>> 
>>> My understanding is that our packages that use openssl100-dev and have 
>>> binaries are now technically in violation of the openssl license, which 
>>> only allows redistribution against an OpenSSL which is shipped with the OS.
>>> 
>>> 1)  Is this still true?  If so, then we need to start tagging them as 
>>> Restrictive.
>>> 2)  Does LibreSSL have the same restriction?  If not, can we convert over 
>>> to use that?
>>> 
>>> --
>>> Alexander Hansen, Ph.D.
>>> Fink User Liaison
>>> 
>> 
>> 1) IANAL, so I can’t answer this, but the issue isn’t that OpenSSL’s license 
>> forbids distribution. The problem is that because of OpenSSL’s “original” 
>> BSD license with the advertising clause, it is incompatible with the GPL. 
>> The GPL *does* allow linking to libraries that come with an OS, so that’s 
>> where the workaround used to be.
>> 
>> 2) LibreSSL (and BoringSSL but we don’t have that package) is a fork of 
>> OpenSSL and therefore must use the same license. I believe they have been 
>> trying to get things relicensed but that’s an almost impossible job since 
>> there’s some really old code in there.
>> 
>> Daniel
>> 
> 
> 1+2)  Ah.  Gotcha.  As a simple base example then, is our cvs package, which 
> uses openssl100, in violation?  And if so, do we have to mark it as 
> Restrictive?  Or worse yet, pull it and stop supporting selfupdate-cvs on 
> distributions where Xcode doesn’t have cvs?
> 
> --
> Alexander Hansen, Ph.D.
> Fink User Liaison
> 

This is a good run-down: 
https://people.gnome.org/~markmc/openssl-and-the-gpl.html

Some packages have an explicit “OpenSSL is Ok” clause added to the GPL. cvs 
does not, but looking at the code, it looks like libcrypto is only used as a 
requirement for Kerberos and Apple’s Kerberos doesn’t need that. I’ll have to 
look at it closer. It may be possible to drop the dep.

Daniel


------------------------------------------------------------------------------
_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel
