Erik Wagner <[email protected]> writes:

> I might not be the first to ask this 

Actually, you are.

> but could you please consider to
> change the license from LGPLv3 (in dual license part) to LGPLv2 or LGPLv2+
> The v3 part of LGPL adds the anti-tivoization requirement (provide ability
> for end user to install their own modified lib version onto the end user
> product) 

That's intentional. In general, I think it makes sense that if software
upgrades are at all possible, then the user should be in control of
those upgrades.

> and that in practice prevents the use of the nettle library in
> majority of commercial embedded products. Allowing end users to
> replace/install individual libs on production devices (not just a
> development board) brings in unacceptable security hole for majority of
> commercial consumer devices.

Saying that it is a "security hole" is a rather bold statement, and I
doubt it is generally correct. Please provide some details on what the
problem is, and what's the underlying security model. Off the top of my
head, I can see that it may be a problem if the security model treats
the user as the adversary, typical of DRM systems and the like.

> It results that many companies have or are moving away from e.g. "gnutls"
> and forced to look at other alternatives to be able to meet the license
> requirements.

Can you substantiate this claim?

> ("gnutls" is used by default in "glib-networking" and on its
> own has acceptable LGPLv2 license but given its dependencies on libnettle
> and gmplib that have dual license GPLv2 | LGPLv3, latter license
> obligations apply and all upper layer code becomes infected, either all
> upper layer code need to be made public (GPLv2 requirement) or
> anti-tivoization LGPLv3 end user install requirement must be met)

I'm not a lawyer, but I think your understanding of the intended
implications of the licensing requirements are technically accurate. But
if you want to have a constructive discussion of licensing terms of Nettle
(or any other GNU or copyleft software), please abstain from offensive
language like "infected".
 
> Please consider to change back to LGPLv2 or dual license GPLv2 |
> LGPLv2

This is unlikely to happen. If you want it to be considered seriously,
please substantiate a concrete use case where you think it matters.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]
