Hi, One thing you didn't mention is using GnuTLS.
It's LGPL'd, it's GNU, and it even has a partial openssl-compatible layer. That's what we recommend before considering adding an exception (which has the problems you mentioned). -- Sylvain On Thu, Jan 22, 2009 at 08:56:53AM +0200, Yavor Doganov wrote: > Nicodemo Alvaro wrote: > > If you take a look at this license notice you would find that it is > > incompatible with the GPL. > > Yes, that's a well known issue, see > http://www.gnome.org/~markmc/openssl-and-the-gpl.html. > > > The project GiVME has a dependency on openssl. > > It should have a special exception similar to other packages linking > against openssl (see gnubiff, for example). The tricky part is that > it's not sufficient that only the program has the exception, the > licenses of other libraries must be compatible as well. So if you > have an app foo under GPL+OpenSSL exception linking both against > libopenssl and libbar (pure GPL), that's not OK. > > It becomes even trickier for indirect linking. For example, Gajim is > under GPLv3 only and optionally depends on python-openssl (OpenSSL > Python bindings), which is under LGPL, but links against libopenssl. > I'm not sure whether an exception is required in this case, but it > seems logical that it should be. > > Another classic example of indirect linking is if you link against a > library which itself links with openssl (like libsnmp). > > > Openssl is distributed with GNewSense, so maybe I am missing > > something. > > Sure, it's free software, so why not? > > FWIW, there was a discussion between Brett Smith and some Debian folks > (Steve Langasek, Anthony Towns, IIRC) a few years ago on debian-legal. > They defended the position that openssl fulfils the criteria of a > "system library" in a distro like Debian, as it's part of the minimal > installation and too many packages of priority > "required|important|standard" depend on it. I don't remember whether > Brett bought the argument.
