Re: GPL-2-only packages using GPL-3+ readline
On Sat, 02 Jan 2021 11:16:03 -0500 John Scott wrote: > In general, this license clash doesn't seem to be a strictly downstream issue. Well, in my own personal opinion, it is also (if not mainly) an issue for anyone who distributes prebuilt binaries linked with the incompatible library... Hence, I think it is indeed a downstream issue (too)... > Perhaps you should file bugs with the upstream projects to either revise > their > licensing if they can or explicitly depend on libeditreadline-dev, especially > for the projects that fail to build with it. ...although I agree that each of these issues is best resolved upstream, if possible. I think that the possible suggestions for the upstream developers (or, if all else fails, for the Debian package maintainers) should be one of the following alternatives (in descending order of preference): a) port the program to a GPLv2-compatible readline replacement (such as libedit or similar, possibly by using a shim library such as libeditreadline) b) re-license the program from GPLv2-only to GPLv2-or-later c) disable any link with readline and make do without command editing/history (which is not great, but it could be necessary in some cases) d) build the program by linking with an old GPLv2-compatible version of readline Please note that the drawbacks of option c could be mitigated by using wrappers such as rlwrap or rlfe... [...] > In any case I appreciate the digging you've done. +1 -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpb7Ua4FDOmC.pgp Description: PGP signature
Re: GPL-2-only packages using GPL-3+ readline
There are a few lawyers here, myself included, though I’m not sure anyone on list actually has an attorney-client relationship with the distro or its makers (and to be clear, I have no such relationship and nothing I say here should be construed as legal advice). All of that said, the suggestion to use an older readline version with GPLv2 or GPLv2+ licensing when building with GPLv2-only packages seems appropriate to me. Happy New Year everyone! Best, Jim Sent from my iPhone, apologies for misspellings, odd autocorrects, misplaced edits and other randomness. > On Jan 2, 2021, at 2:48 AM, Simon McVittie wrote: > > On Sat, 02 Jan 2021 at 00:48:43 +0100, Bastian Germann wrote: >> There are some packages with GPL-2-only licensed binaries that link with >> GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current >> interpretation on that matter. > > debian-legal is purely advisory, does not control what is in Debian, and > does not necessarily contain any actual lawyers. The archive administrators > are the group that controls what is and isn't > accepted into Debian. > >smcv >(not a lawyer either) >
Re: GPL-2-only packages using GPL-3+ readline
In general, this license clash doesn't seem to be a strictly downstream issue. Perhaps you should file bugs with the upstream projects to either revise their licensing if they can or explicitly depend on libeditreadline-dev, especially for the projects that fail to build with it. I think you would offer more to say on the dilemma than individual package maintainers, unless your findings were machine-driven going off, say, debian/ copyright (then validating the entries could be left up to them). In any case I appreciate the digging you've done. > maxima Check the maxima-sage package too; they have their own source package because they need a build with a different Lisp implementation, and splitting into two source packages had proved easier than not. signature.asc Description: This is a digitally signed message part.
Re: GPL-2-only packages using GPL-3+ readline
On Sat, 02 Jan 2021 at 00:48:43 +0100, Bastian Germann wrote: > There are some packages with GPL-2-only licensed binaries that link with > GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current > interpretation on that matter. debian-legal is purely advisory, does not control what is in Debian, and does not necessarily contain any actual lawyers. The archive administrators are the group that controls what is and isn't accepted into Debian. smcv (not a lawyer either)
GPL-2-only packages using GPL-3+ readline
Hi, There are some packages with GPL-2-only licensed binaries that link with GPL-3+ licensed libreadline.so.8. I do not know Debian-legal's current interpretation on that matter. The FSF is on the position that a derivative work of a GPL-3 work cannot be GPL-2-only licensed: https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility The packages in question are the following: abook bluez connman devtodo maxima nftables atari800 (see #977654) avrdude ctsim ferret-vis grads jackd2 multipath-tools omake teg All packages compile with replacing build-dependency libreadline-dev with the orphaned libreadline-gplv2-dev. The second group can also build-depend on libeditreadline-dev instead, which links with libedit. Both replacements would heal the license issue. Thanks for your comments, Bastian
