Re: Can GPLed programs use Heimdal?

2001-11-14 Thread Steve Langasek
On Wed, Nov 14, 2001 at 09:21:04AM -0500, Sam Hartman wrote:
 [please respect mail-followup-to and keep debian-kerberos copied]

 Hi.  We're working on some consensus guidelines among the Kerberos
 maintainers to help packagers who want to add Kerberos support to
 their packages.  A legal question has come up.

 The Heimdal implementation links against libssl in order to get its
 crypto.  How does this affect GPLed applications?  Note that the
 applications do not normally call any routines from libssl; they only
 call Heimdal routines indirectly.

 Another thing that may make this different than the standard libssl
 linking question is that there are multiple implementations of
 Kerberos.  The APIs are not the same so some applications only work
 with Heimdal, but other applications work both with Heimdal and the
 MIT implementation.  Is the existence of another implementation enough
 to allow us to ignore the libssl dependency and link against Heimdal?

Would that MIT Kerberos and Heimdal were ABI-compatible; then there
would be no question that it was legal to link GPL software against
Heimdal, because it would be indistinguishable from linking against MIT
Kerberos, which is permitted.

Currently, however, it's my impression that indirect linking against
libssl is as prohibited as direct linking against libssl.  The net
result is the same, namely that the GPL binary has a dependency on
libraries that have an incompatible license.  This 'indirect linking' is
equivalent to someone writing a proprietary library, providing a GPL
wrapper that includes the only entry points that people will link
against, and claiming the whole unit is GPL-compatible.

Steve Langasek
postmodern programmer




Re: Can GPLed programs use Heimdal?

2001-11-14 Thread J.H.M. Dassen (Ray)
On Wed, Nov 14, 2001 at 09:05:33 -0600, Steve Langasek wrote:
 On Wed, Nov 14, 2001 at 09:21:04AM -0500, Sam Hartman wrote:
  The Heimdal implementation links against libssl in order to get its
  crypto.  How does this affect GPLed applications?  Note that the
  applications do not normally call any routines from libssl; they only
  call Heimdal routines indirectly.

 Currently, however, it's my impression that indirect linking against
 libssl is as prohibited as direct linking against libssl.

I agree.

Thus, for GPLed applications using Heimdal linked against OpenSSL an
explicit exception statement by their copyright holders allowing linking
against OpenSSL is needed.

Another approach, which involves more work initially, but does away with
needing GPL exception statements for every Heimdal-using GPLed application,
would be to port Heimdal to a GPL-compatibly-licensed crypto library like
GnuTLS, gcrypt or beecrypt.

Ray
-- 
POPULATION EXPLOSION  Unique in human experience, an event which happened
yesterday but which everyone swears won't happen until tomorrow.
- The Hipcrime Vocab by Chad C. Mulligan