> On Jun 20, 2015, at 7:03 PM, Daniel Johnson <daniel.johnso...@gmail.com> wrote:
>
>> On Jun 20, 2015, at 6:49 PM, Alexander Hansen <alexanderk.han...@gmail.com> wrote:
>>
>>> On Jun 20, 2015, at 15:03, Daniel Johnson <daniel.johnso...@gmail.com> wrote:
>>>
>>>> On Jun 20, 2015, at 4:58 PM, Alexander Hansen <alexanderk.han...@gmail.com> wrote:
>>>>
>>>> Since the system’s OpenSSL is going away for 10.11 we’ve got a bit of a pickle.
>>>>
>>>> My understanding is that our packages that use openssl100-dev and have binaries are now technically in violation of the openssl license, which only allows redistribution against an OpenSSL which is shipped with the OS.
>>>>
>>>> 1) Is this still true? If so, then we need to start tagging them as Restrictive.
>>>> 2) Does LibreSSL have the same restriction? If not, can we convert over to use that?
>>>>
>>>> --
>>>> Alexander Hansen, Ph.D.
>>>> Fink User Liaison
>>>
>>> 1) IANAL, so I can’t answer this, but the issue isn’t that OpenSSL’s license forbids distribution. The problem is that because of OpenSSL’s “original” BSD license with the advertising clause, it is incompatible with the GPL. The GPL *does* allow linking to libraries that come with an OS, so that’s where the workaround used to be.
>>>
>>> 2) LibreSSL (and BoringSSL but we don’t have that package) is a fork of OpenSSL and therefore must use the same license. I believe they have been trying to get things relicensed but that’s an almost impossible job since there’s some really old code in there.
>>>
>>> Daniel
>>
>> 1+2) Ah. gotcha. As a simple base example then, is our cvs package, which uses openssl100, in violation? And if so, do we have to mark it as Restrictive? Or worse yet, pull it and stop supporting selfupdate-cvs on distributions where Xcode doesn’t have cvs?
>>
>> --
>> Alexander Hansen, Ph.D.
>> Fink User Liaison
>
> This is a good run-down:
> https://people.gnome.org/~markmc/openssl-and-the-gpl.html
>
> Some packages have an explicit “OpenSSL is Ok” clause added to the GPL. cvs does not, but looking at the code, it looks like libcrypto is only used as a requirement for Kerberos and Apple’s Kerberos doesn’t need that. I’ll have to look at it closer. It may be possible to drop the dep.
>
> Daniel

Ok, cvs doesn’t link to or even check for openssl. The dep is probably a relic of an old Kerberos.framework that published -lcrypto in its config program. I’ve removed the dep and revved up.

Daniel

_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive: http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel