Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Guus Sliepen
On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:

 * URL : http://www.ircd-charybdis.net
 * License : GPL
 
 Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
 seems to care about that, I'm going to assume that it's OK.

People DO care, and it is not OK. Linking with OpenSSL is only allowed
if there is an exemption to the license of charybdis that explicitly
allows linking to the OpenSSL. See for example this page which gives a
nice summary and links to some related debian-legal emails:

http://www.gnome.org/~markmc/openssl-and-the-gpl.html

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen [EMAIL PROTECTED]


signature.asc
Description: Digital signature


Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Miriam Ruiz
2008/6/10 Guus Sliepen [EMAIL PROTECTED]:
 On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:

 * URL : http://www.ircd-charybdis.net
 * License : GPL

 Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
 seems to care about that, I'm going to assume that it's OK.

 People DO care, and it is not OK. Linking with OpenSSL is only allowed
 if there is an exemption to the license of charybdis that explicitly
 allows linking to the OpenSSL. See for example this page which gives a
 nice summary and links to some related debian-legal emails:

 http://www.gnome.org/~markmc/openssl-and-the-gpl.html

I don't know if it's possible, but you might want to try to link it to
GNUTLS [1] instead.

Greetings,
Miry

[1] http://www.gnu.org/software/gnutls/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread William Pitcock
Hi,

On Tue, 2008-06-10 at 11:21 +0200, Guus Sliepen wrote:
 On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:
 
  * URL : http://www.ircd-charybdis.net
  * License : GPL
  
  Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
  seems to care about that, I'm going to assume that it's OK.
 
 People DO care, and it is not OK. Linking with OpenSSL is only allowed
 if there is an exemption to the license of charybdis that explicitly
 allows linking to the OpenSSL. See for example this page which gives a
 nice summary and links to some related debian-legal emails:

It is likely impossible to add an exemption to most IRCd (notable
exceptions include ngircd or inspircd), because some of the original
ircd 2.8 contributors are now dead.

Due to packet interception and logging, SSL support in IRC daemons is
becoming a hot topic. Without OpenSSL, packaging charybdis is pointless
for me, as the whole idea of packaging it would be to make it easier to
install on my systems. And without OpenSSL, it isn't easier for me to
install because I would have to rebuild the package with OpenSSL.

So, in a nutshell, nobody in the current IRCd development community
cares about perceived GPL+OpenSSL compatibility issues, so only Debian
does, which is ok, but that's not so useful when Debian is already
shipping packages linked against OpenSSL with no exception (see below).

Here's some packages which are linked against OpenSSL and should not be
(this is not an all exhaustive list, you should grep-dctrl on a Sources
or something):

- epic4 (impossible to get an exception, dead contributors)
- inspircd would but I chose not to build that module because they ship
a gnutls one instead (charybdis is basically stuck with openssl due to
using libcrypto directly)
- oftc-hybrid (impossible to get an exception, dead contributors)
- openvpn (may or may not have exception, more checking needed)
- xchat (might be possible to get an exception, but author doesn't care
about GPL anyway, see also: Shareware XChat for win32)
- znc (status unknown, but i see no exception in the source)

So, in the grand scheme of things, I don't really think one more package
linked against OpenSSL is going to hurt anything.

If it makes you happy, I could bolt an exception on the code, but I
doubt it would hold water due to the fact that there are dead copyright
holders. But at the moment, porting to GnuTLS is really not an option,
as I would have to port to GCrypt too for the cert exchange, and that
couldn't be easily done with libgnutls-extra. I suppose using
libgnutls-extra and not supporting X.509 cert auth for gaining admin
access is an acceptable compromise provided that libgnutls-extra
implements enough of the OpenSSL API.

William




Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Giacomo A. Catenazzi

William Pitcock wrote:

- epic4 (impossible to get an exception, dead contributors)


You are wrong about "impossible to get an exception, dead
contributors", in this sentence and in other sentences:


The copyright goes to the heirs, so you could contact the
heirs.

Anyway, we should follow the copyright law.
If we make exceptions to the GPL, other people will
think they could also make exceptions to the GPL,
losing the value of the GPL, and all people will
lose.

Don't think only of these projects, where it would
be very convenient to make exceptions, but if you
break the GPL in one place, why should our users not
make additional exceptions and not disclose sources?

So this annoyance will allow us to sue people violating
the GPL. Think: it is a great advantage!

ciao
cate





Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Stephen Gran
This one time, at band camp, William Pitcock said:
 Hi,
 
 On Tue, 2008-06-10 at 11:21 +0200, Guus Sliepen wrote:
  On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:
  
   * URL : http://www.ircd-charybdis.net
   * License : GPL
   
   Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
   seems to care about that, I'm going to assume that it's OK.
  
  People DO care, and it is not OK. Linking with OpenSSL is only allowed
  if there is an exemption to the license of charybdis that explicitly
  allows linking to the OpenSSL. See for example this page which gives a
  nice summary and links to some related debian-legal emails:
 
 So, in a nutshell, nobody in the current IRCd development community
 cares about perceived GPL+OpenSSL compatibility issues, so only Debian
 does, which is ok, but that's not so useful when Debian is already
 shipping packages linked against OpenSSL with no exception (see below).

Upstreams being brain dead about licensing issues is not something
really new, unfortunately.  This issue has been done to death already,
and it seems to me that protesting that we have some other similar bugs
is not a justification to introduce a new one.

For GPLv3, it does seem like AJ's idea of putting openssl in essential
is a reasonable one, and I'd quite like to see it.  That doesn't help
GPLv2 only apps, though, so I think we're just going to have to live
with the status quo on that one.
-- 
 -
|   ,''`. Stephen Gran |
|  : :' : [EMAIL PROTECTED] |
|  `. `' Debian user, admin, and developer |
|`- http://www.debian.org |
 -




GPL+OpenSSL, Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Guus Sliepen
On Tue, Jun 10, 2008 at 06:38:19AM -0500, William Pitcock wrote:

 So, in a nutshell, nobody in the current IRCd development community
 cares about perceived GPL+OpenSSL compatibility issues, so only Debian
 does, which is ok, but that's not so useful when Debian is already
 shipping packages linked against OpenSSL with no exception (see below).
[...]
 So, in the grand scheme of things, I don't really think one more package
 linked against OpenSSL is going to hurt anything.

There are lots of packages which have licensing issues, but we try to
resolve those issues. Adding a new one with known issues is not helping,
it is hurting our efforts to produce a distribution that is free from
licensing issues.

I think if you discuss the issue with the other main developers and you
agree to add the exemption to the upstream tarball, then it is OK for
Debian to distribute charybdis. I don't think dead authors or people who
contributed small patches will object, after all the intention was all
along that one could freely distribute charybdis linked to OpenSSL.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen [EMAIL PROTECTED]




Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Joerg Jaspert
On 11412 March 1977, William Pitcock wrote:

 So, in a nutshell, nobody in the current IRCd development community
 cares about perceived GPL+OpenSSL compatibility issues, so only Debian
 does, which is ok, but that's not so useful when Debian is already
 shipping packages linked against OpenSSL with no exception (see below).

 Here's some packages which are linked against OpenSSL and should not be
 (this is not an all exhaustive list, you should grep-dctrl on a Sources
 or something):

 So, in the grand scheme of things, I don't really think one more package
 linked against OpenSSL is going to hurt anything.

Feel free to file bugs, that's why the BTS is open for everyone.

But thanks that you told us which package to not accept but just reject
from NEW. Always good to have people help us.

-- 
bye, Joerg
Contrary to common belief, Arch:i386 is *not* the same as Arch: any.





Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Steve Greenland
On 10-Jun-08, 06:38 (CDT), William Pitcock [EMAIL PROTECTED] wrote: 
 - openvpn (may or may not have exception, more checking needed)

The copyright file has the necessary exceptions. 

Steve





Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Steve Langasek
On Tue, Jun 10, 2008 at 06:38:19AM -0500, William Pitcock wrote:
 Here's some packages which are linked against OpenSSL and should not be
 (this is not an all exhaustive list, you should grep-dctrl on a Sources
 or something):

And what is grep-dctrl supposed to tell anyone?  There are lots of packages
that build-depend on openssl.  How do you intend for anyone to draw
conclusions based on the build-depends alone, without reference to license?

Or are you just trying to send anyone who disagrees with you on a fool's
errand, so they won't interfere with your ITP?

 - epic4 (impossible to get an exception, dead contributors)

debian/copyright shows a BSD license.

 - inspircd would but I chose not to build that module because they ship
 a gnutls one instead (charybdis is basically stuck with openssl due to
 using libcrypto directly)

... therefore not analogous, so why do you include it in this list?

 - oftc-hybrid (impossible to get an exception, dead contributors)

 *  As a special exception, the authors give permission to link the code of this
 *  release of oftc-hybrid with the OpenSSL project's OpenSSL library (or
 *  with modified versions of it that use the same license as the OpenSSL
 *  library), and distribute the linked executables.  You must obey the GNU
 *  General Public License in all respects for all of the code used other than
 *  OpenSSL.  If you modify the code, you may extend this exception to your
 *  version of the files, but you are not obligated to do so.  If you do not
 *  wish to do so, delete this exception statement from your version.

 - openvpn (may or may not have exception, more checking needed)

Has an exception, already mentioned.

 - xchat (might be possible to get an exception, but author doesn't care
 about GPL anyway, see also: Shareware XChat for win32)

 License:
 
 This program is released under the GPL v2 with the additional exemption
 that compiling, linking, and/or using OpenSSL is allowed. You may
 provide binary packages linked to the OpenSSL libraries, provided that
 all other requirements of the GPL are met. 
 See file COPYING for details.

The debian/copyright on this one is rather horrid looking, it lists 6
licenses in a row with no indication of which license applies to what
components.  This probably warrants a bug report for clarification; but at
first look, it appears that the effort has already been made to secure an
exception for the components that require it.

 - znc (status unknown, but i see no exception in the source)

  In addition, as a special exception, the copyright holders give
  permission to link the code of portions of this program with the
  OpenSSL library under certain conditions as described in each
  individual source file, and distribute linked combinations
  including the two.
  You must obey the GNU General Public License in all respects
  for all of the code used other than OpenSSL.  If you modify
  file(s) with this exception, you may extend this exception to your
  version of the file(s), but you are not obligated to do so.  If you
  do not wish to do so, delete this exception statement from your
  version.  If you delete this exception statement from all source
  files in the program, then also delete it here.

 So, in the grand scheme of things, I don't really think one more package
 linked against OpenSSL is going to hurt anything.

No, you're the only one who seems to be playing fast and loose with
licensing here.  *None* of the examples you've cited to try to support your
position appear to have the licensing problem in question; everyone else is
making a good-faith effort to get this right.

 If it makes you happy, I could bolt an exception on the code, but I
 doubt it would hold water due to the fact that there are dead copyright
 holders.

There are dead /authors/, not dead copyright holders.  Dead people can't
hold copyright; copyright transfers to the heirs when the author dies.

The reason it wouldn't hold water is that exceptions have to be granted by
the copyright holders.  You can't bolt an exception on *for* them, you need
to get this approved by the people who actually hold copyright on this code.

You can of course provide an exception for any of your own code, but that
doesn't result in a distributable binary package unless yours is the only
code used in the program that links to OpenSSL.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]





Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread William Pitcock
On Tue, 2008-06-10 at 10:46 -0700, Steve Langasek wrote:
  - oftc-hybrid (impossible to get an exception, dead contributors)
 
  *  As a special exception, the authors give permission to link the code of this
  *  release of oftc-hybrid with the OpenSSL project's OpenSSL library (or
  *  with modified versions of it that use the same license as the OpenSSL
  *  library), and distribute the linked executables.  You must obey the GNU
  *  General Public License in all respects for all of the code used other than
  *  OpenSSL.  If you modify the code, you may extend this exception to your
  *  version of the files, but you are not obligated to do so.  If you do not
  *  wish to do so, delete this exception statement from your version.

You've been conned. OFTC-Hybrid is based on Hybrid which is based on 2.8
and therefore cannot add such an exception; it is effectively in the
same boat that charybdis is in. I could lie and add the same exception
to my debian/copyright too, but it wouldn't be true and it wouldn't be
right to do so.

Furthermore, a grep of that string in the source brings no results other
than debian/copyright, which demonstrates that nothing actually HAS this
exception anyway:

[EMAIL PROTECTED]:~/oftc-hybrid-1.6.3.dfsg$ grep "As a special exception, the authors give permission" * -R
debian/copyright: *  As a special exception, the authors give permission to link the code of this
[EMAIL PROTECTED]:~/oftc-hybrid-1.6.3.dfsg$

At any rate, I intend to wait until version 3.1 of charybdis anyway now,
which has a GNUTLS backend (I've written it, and it just needs to be
debugged).

William




Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Joey Hess
William Pitcock wrote:
 - znc (status unknown, but i see no exception in the source)

Wow, you had me thinking I was a copyright fool for a minute there
(and wondering how such a mistake got past the ftpmasters),
until I took a look at znc's debian/copyright and LICENSE.OpenSSL:

 In addition, as a special exception, the copyright holders give
 permission to link the code of portions of this program with the
 OpenSSL library under certain conditions as described in each
 individual source file, and distribute linked combinations
 including the two.
[...]

-- 
see shy jo




Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread Robert Millan
On Tue, Jun 10, 2008 at 11:50:47AM +0200, Miriam Ruiz wrote:
 2008/6/10 Guus Sliepen [EMAIL PROTECTED]:
  On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:
 
  * URL : http://www.ircd-charybdis.net
  * License : GPL
 
  Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
  seems to care about that, I'm going to assume that it's OK.
 
  People DO care, and it is not OK. Linking with OpenSSL is only allowed
  if there is an exemption to the license of charybdis that explicitly
  allows linking to the OpenSSL. See for example this page which gives a
  nice summary and links to some related debian-legal emails:
 
  http://www.gnome.org/~markmc/openssl-and-the-gpl.html
 
 I don't know if it's possible, but you might want to try to link it to
 GNUTLS [1] instead.

GNUTLS has an OpenSSL portability layer, but it is not complete.  It would
require some porting work.

Btw, the build system in ircd-charybdis considers OpenSSL an optional
dependency.  If it's an optional feature, why not just disable it until a
better solution is found?

-- 
Robert Millan

GPLv2 I know my rights; I want my phone call!
DRM What good is a phone call… if you are unable to speak?
(as seen on /.)





Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread William Pitcock
Hi,

On Tue, 2008-06-10 at 15:04 -0400, Joey Hess wrote:
 William Pitcock wrote:
  - znc (status unknown, but i see no exception in the source)
 
 Wow, you had me thinking I was a copyright fool for a minute there
 (and wondering how such a mistake got past the ftpmasters),
 until I took a look at znc's debian/copyright and LICENSE.OpenSSL:
 
  In addition, as a special exception, the copyright holders give
  permission to link the code of portions of this program with the
  OpenSSL library under certain conditions as described in each
  individual source file, and distribute linked combinations
  including the two.
 [...]
 

That list was, among other things, based on comments made by upstream
authors about usage of OpenSSL and this problem.

I'm glad to hear that psychon has changed his mind though. I've filed
bugs on the actual packages that don't hold water, now.

William




Re: Bug#485553: ITP: charybdis -- fast, scalable irc server

2008-06-10 Thread William Pitcock
Hi,

On Tue, 2008-06-10 at 21:18 +0200, Robert Millan wrote:
 On Tue, Jun 10, 2008 at 11:50:47AM +0200, Miriam Ruiz wrote:
  2008/6/10 Guus Sliepen [EMAIL PROTECTED]:
   On Mon, Jun 09, 2008 at 11:43:53PM -0500, William Pitcock wrote:
  
   * URL : http://www.ircd-charybdis.net
   * License : GPL
  
   Like oftc-hybrid, I intend to link this to OpenSSL. Since nobody
   seems to care about that, I'm going to assume that it's OK.
  
   People DO care, and it is not OK. Linking with OpenSSL is only allowed
   if there is an exemption to the license of charybdis that explicitly
   allows linking to the OpenSSL. See for example this page which gives a
   nice summary and links to some related debian-legal emails:
  
   http://www.gnome.org/~markmc/openssl-and-the-gpl.html
  
  I don't know if it's possible, but you might want to try to link it to
  GNUTLS [1] instead.
 
 GNUTLS has an OpenSSL portability layer, but it is not complete.  It would
 require some porting work.
 
 Btw, the build system in ircd-charybdis considers OpenSSL an optional
 dependency.  If it's an optional feature, why not just disable it until a
 better solution is found?

Because SSL is a requirement for my requirements. I wish to replace
inspircd with something that is more suited for my requirements (e.g.
something I can use CGI:IRC with, without having ban-evasion issues).

We've already found a temporary solution (although I certainly don't
like the side effect that it makes the daemon binary GPLv3), which is to
use the portability layer until a native backend for GNUTLS is written
(and just simply not have the certificate-based opering feature until
it's properly abstracted -- right now it's dependent on libcrypto
availability).

Obviously a native GNUTLS backend is the best solution, but releasing
charybdis 3.0.2 with an openssl.c that can build against gnutls-extra is
fine for the immediate future.

William

