Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
❦ 17 janvier 2015 19:14 +0100, W. Martin Borgert deba...@debian.org : sorry, if this question has been discussed before. Python program or library X is licensed under GPL3+ without OpenSSL exception. X does use the python-requests library, which on load dynamically links the Python interpreter with the OpenSSL library. This is X: A close issue has already been discussed [1] but it was mostly ignored. Doing import readline and import ssl triggers the problem without introducing a third-party program. Running python interactively loads the readline module. Just typing import ssl here is a license violation. Running ipython loads both readline and ssl module. My conclusion is that if you have a GPL program importing the ssl module, you can ignore the licensing issue on either the ground that nobody really cares or the fact that OpenSSL should be considered as a system library (and this is easier with GPLv3 than it was with GPLv2). [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498857 -- Let the machine do the dirty work. - The Elements of Programming Style (Kernighan Plauger) signature.asc Description: PGP signature
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 18/01/15 08:18, Vincent Bernat wrote: ❦ 17 janvier 2015 19:14 +0100, W. Martin Borgert deba...@debian.org : Python program or library X is licensed under GPL3+ without OpenSSL exception. X does use the python-requests library, which on load dynamically links the Python interpreter with the OpenSSL library. A close issue has already been discussed [1] but it was mostly ignored. Doing import readline and import ssl triggers the problem without introducing a third-party program. Copyright law says nothing about loading shared libraries, and quite a lot to say about creating derivative works. The important thing from a legal point of view is not does python's address space contain both readline and OpenSSL? - that's interesting evidence, but not actually the question that a court case would seek to determine. The important thing is has a derivative work of readline and OpenSSL been created? and that's rather less clear-cut. See also http://lwn.net/Articles/548216/ for related discussion. S -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bb7cad.9090...@debian.org
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 2015-01-18 15:09, Riley Baird wrote: Then as is, the software can't go into Debian. Maybe you could try contacting upstream to ask them for an OpenSSL exception? Upstream has been contacted. So far they seem to think, that this is a Debian internal issue and don't want to add anything to their license (GPL-3+). I'll try again. See https://github.com/xray7224/PyPump/issues/101 -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150118111601.GA9456@fama
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 2015-01-18 12:23, W. Martin Borgert wrote: On 2015-01-18 12:16, W. Martin Borgert wrote: Upstream has been contacted. So far they seem to think, that this is a Debian internal issue and don't want to add anything to their license (GPL-3+). I'll try again. Isn't the fact that upstream does not care sufficient evidence that in this case upstream is not opposed to linking against OpenSSL? This fact must be documented in debian/copyright and should be equally valid as the formal exception, right? OK, not quite: Upstream explicitly states, that OpenSSL license is incompatible with GPL-3, but is seen by them as system library if it does provide functions via the Python standard library. https://github.com/xray7224/PyPump/issues/101#issuecomment-70409244 https://github.com/xray7224/PyPump/issues/101#issuecomment-70409569 Discussion is closed there, so I will upload pypump to Debian on the ground that upstream (= copyright holder!) does not object. OK? -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2015011814.GA13999@fama
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 2015-01-18 12:16, W. Martin Borgert wrote: Upstream has been contacted. So far they seem to think, that this is a Debian internal issue and don't want to add anything to their license (GPL-3+). I'll try again. Isn't the fact that upstream does not care sufficient evidence that in this case upstream is not opposed to linking against OpenSSL? This fact must be documented in debian/copyright and should be equally valid as the formal exception, right? -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150118112351.GA9694@fama
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
My conclusion is that if you have a GPL program importing the ssl module, you can ignore the licensing issue on either the ground that nobody really cares or the fact that OpenSSL should be considered as a system library (and this is easier with GPLv3 than it was with GPLv2). You might be right, but it would seem that the FTP Masters disagree with you. https://ftp-master.debian.org/REJECT-FAQ.html For what it's worth, I agree with your point that nobody cares, although I disagree with your point that OpenSSL is a system library. (If it were in contrib/non-free, that would be a different story, since they aren't part of Debian.) -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bb90fd.5020...@bitmessage.ch
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
❦ 18 janvier 2015 12:16 +0100, W. Martin Borgert deba...@debian.org : Then as is, the software can't go into Debian. Maybe you could try contacting upstream to ask them for an OpenSSL exception? Upstream has been contacted. So far they seem to think, that this is a Debian internal issue and don't want to add anything to their license (GPL-3+). I'll try again. From: https://www.gnu.org/licenses/quick-guide-gplv3.html GPLv3 has adjusted the definition of System Library to include software that may not come directly with the operating system, but that all users of the software can reasonably be expected to have. For example, it now also includes the standard libraries of common programming languages such as Python and Ruby. Of course, in the actual license, there is no word about Python. -- question = ( to ) ? be : ! be; -- Wm. Shakespeare signature.asc Description: PGP signature
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 19/01/15 01:22, W. Martin Borgert wrote: On 2015-01-18 12:23, W. Martin Borgert wrote: On 2015-01-18 12:16, W. Martin Borgert wrote: Upstream has been contacted. So far they seem to think, that this is a Debian internal issue and don't want to add anything to their license (GPL-3+). I'll try again. Isn't the fact that upstream does not care sufficient evidence that in this case upstream is not opposed to linking against OpenSSL? This fact must be documented in debian/copyright and should be equally valid as the formal exception, right? OK, not quite: Upstream explicitly states, that OpenSSL license is incompatible with GPL-3, but is seen by them as system library if it does provide functions via the Python standard library. https://github.com/xray7224/PyPump/issues/101#issuecomment-70409244 https://github.com/xray7224/PyPump/issues/101#issuecomment-70409569 Discussion is closed there, so I will upload pypump to Debian on the ground that upstream (= copyright holder!) does not object. OK? OK. It can't hurt to try - this does seem like a special case. I hope that pypump gets accepted! -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bc0941.2070...@bitmessage.ch
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 18/01/15 05:14, W. Martin Borgert wrote: Hi, sorry, if this question has been discussed before. So far, I could not find a conclusive answer. Please Cc me. Python program or library X is licensed under GPL3+ without OpenSSL exception. X does use the python-requests library, which on load dynamically links the Python interpreter with the OpenSSL library. This is X: #!/usr/bin/python3 __license__ = GPL-3+ w/o OpenSSL exception import os import subprocess import requests if __name__ == __main__: lsof = subprocess.Popen([lsof, -p, str(os.getpid())], stdout=subprocess.PIPE) out, _ = lsof.communicate() for s in out.decode().split(\n): if /libssl.so. in s: print(s) As one can see, the process X links the OpenSSL library. Can X be distributed legally by Debian? If you could make a version of python-requests with the OpenSSL parts removed, then yes. Otherwise, no. Also, if the writer of the module specifically states w/o OpenSSL exception, and then links to OpenSSL (like in the above example), then I would be very suspicious. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bac86e.7010...@bitmessage.ch
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 2015-01-18 07:39, Riley Baird wrote: If you could make a version of python-requests with the OpenSSL parts removed, then yes. Otherwise, no. If one imports requests from Debian, OpenSSL is used. No idea how to prevent this. Also, if the writer of the module specifically states w/o OpenSSL exception, and then links to OpenSSL (like in the above example), then I would be very suspicious. No, this has been added by me just for the example. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150117223439.GC6021@fama
Re: Python GPL-3+ program w/o OpenSSL exception using python-requests
On 18/01/15 09:34, W. Martin Borgert wrote: On 2015-01-18 07:39, Riley Baird wrote: If you could make a version of python-requests with the OpenSSL parts removed, then yes. Otherwise, no. If one imports requests from Debian, OpenSSL is used. No idea how to prevent this. Then as is, the software can't go into Debian. Maybe you could try contacting upstream to ask them for an OpenSSL exception? -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bb31ee.1030...@bitmessage.ch
Python GPL-3+ program w/o OpenSSL exception using python-requests
Hi, sorry, if this question has been discussed before. So far, I could not find a conclusive answer. Please Cc me. Python program or library X is licensed under GPL3+ without OpenSSL exception. X does use the python-requests library, which on load dynamically links the Python interpreter with the OpenSSL library. This is X: #!/usr/bin/python3 __license__ = GPL-3+ w/o OpenSSL exception import os import subprocess import requests if __name__ == __main__: lsof = subprocess.Popen([lsof, -p, str(os.getpid())], stdout=subprocess.PIPE) out, _ = lsof.communicate() for s in out.decode().split(\n): if /libssl.so. in s: print(s) As one can see, the process X links the OpenSSL library. Can X be distributed legally by Debian? TIA Cheers Btw.: X could also be the python-pypump library. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150117181421.GA4874@fama