subject:"Re\: Inquiry about GPL v3 code linked against OpenSSL"

Re: Inquiry about GPL v3 code linked against OpenSSL

2015-09-16 Thread Carles Fernandez

Dear all,

in our case, the switch from OpenSSL to GnuTLS was surprisingly easy. Here you 
have the details: 
https://github.com/gnss-sdr/gnss-sdr/commit/18545077d84c02fe77b2a257a06f6d4456a1359f

GnuTLS provides the gnutls-openssl library, which is a partial implementation 
of OpenSSL. The library is provided by the libgnutls28-dev package. This 
compatibility layer is not complete and it is not intended to completely 
re-implement the OpenSSL API with GnuTLS (it only provides limited source-level 
compatibility), but it was enough for us.

Although our case was straightforward and we didn’t find any special obstacle, 
I expect this could serve as a basis for other people switching from OpenSSL to 
GnuTLS.

Best regards,
Carles

> El 15/9/2015, a las 2:00, Ben Finney  escribió:
> 
> Carles Fernandez  writes:
> 
>> thanks for your clarifications. We will opt for reimplementing our
>> code using GnuTLS.
> 
> Please write something about that process online, either during or soon
> afterward, if you can!
> 
> Re-implementing in GnuTLS makes the licensing situation for a
> copyleft-licensed work much simpler, so we would like to be able to
> recommend that path more often.
> 
> It would be good for future reference to know how much effort it is to
> change the code, and what specific obstacles are actually encountered.
> 
> --
> \  “Anyone who believes exponential growth can go on forever in a |
>  `\finite world is either a madman or an economist.” —Kenneth |
> _o__) Boulding |
> Ben Finney
> 

--

Dr. Carles Fernández Prades
Head of the Communication Systems Division
Senior Researcher

Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
Address: Parc Mediterrani de la Tecnologia
  Av. Carl Friedrich Gauss, 7
  08860 Castelldefels, Barcelona, Spain.
Phone: +34 936452909Fax: +34 936452901
http://www.cttc.es/people/cfernandez/ 

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Inquiry about GPL v3 code linked against OpenSSL

2015-09-14 Thread Francesco Poli

On Mon, 14 Sep 2015 20:20:21 +0200 Carles Fernandez wrote:

> Dear all,

Hello Carles,

> 
> recently, I uploaded a package for gnss-sdr 
> (http://mentors.debian.net/package/gnss-sdr 
> ).

Thanks for contributing to Debian!

> The package was rejected due to a conflict between GPL v3 and the OpenSSL 
> license. From what I've got to know, the upstream license must include an 
> exception to the GPL allowing linkage against OpenSSL.
> 
> I’m also an upstream developer of such software, so I want to implement the 
> required changes for package acceptance. These are the devised steps:
[...]
> We would like to ask if we are on the right path, and if there are any other 
> requirements regarding this issue that we need to address from the upstream 
> side.

The steps seem fine to me, but I am afraid they are not enough.
Any other library linked with gnss-sdr has to be compatible with
OpenSSL.
Hence, if gnss-sdr links with other GPL-licensed libraries lacking the
OpenSSL exception, you will have to persuade their copyright holders to
also add the OpenSSL exception.

If I understand correctly, there are at least libuhd and libgnuradio,
which are linked with gnss-sdr, are GPL-licensed without any OpenSSL
exception. I guess the FSF is unlikely to be persuaded to add an OpenSSL
linking exception...

An alternative approach may be: drop OpenSSL entirely, and link with
some GPL-compatible TLS/SSL implementation instead (such as libgnutls or
libnss or anything else fit for the purpose).

A third alternative strategy is: be patient, and wait for OpenSSL to
switch to a saner license. It seems that some progress on this front has
been (unexpectedly) made on August the 1st, 2015:
https://www.openssl.org/blog/blog/2015/08/01/cla/
The announced plan is to switch to the Apache License version 2.0,
which is GPLv3-compatible (although still GPLv2-incompatible...).
I am not aware of any more recent news on this, though.
BTW, I am not happy about the CLA part and I would be much happier, if
they decided to switch to a simpler and more all-compatible license
(such as the 3-clause BSD license, or the Expat license, or the zlib
license), but that's another story...

I hope this helps a little bit.
Please take into account that what I wrote is my own personal take on
the matter: I do *not* speak on behalf of the Debian Project.
And it's *not* legal advice (I am *not* a lawyer).

Bye.

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

pgp5zUxmLik1t.pgp
Description: PGP signature

Re: Inquiry about GPL v3 code linked against OpenSSL

2015-09-14 Thread Ben Finney

Carles Fernandez  writes:

> thanks for your clarifications. We will opt for reimplementing our
> code using GnuTLS.

Please write something about that process online, either during or soon
afterward, if you can!

Re-implementing in GnuTLS makes the licensing situation for a
copyleft-licensed work much simpler, so we would like to be able to
recommend that path more often.

It would be good for future reference to know how much effort it is to
change the code, and what specific obstacles are actually encountered.

-- 
 \  “Anyone who believes exponential growth can go on forever in a |
  `\finite world is either a madman or an economist.” —Kenneth |
_o__) Boulding |
Ben Finney

Re: Inquiry about GPL v3 code linked against OpenSSL

2015-09-14 Thread Carles Fernandez

Dear Francesco,

thanks for your clarifications. We will opt for reimplementing our code using 
GnuTLS.

Best regards,
Carles



> El 14/9/2015, a las 23:24, Francesco Poli  
> escribió:
> 
> On Mon, 14 Sep 2015 20:20:21 +0200 Carles Fernandez wrote:
> 
>> Dear all,
> 
> Hello Carles,
> 
>> 
>> recently, I uploaded a package for gnss-sdr 
>> (http://mentors.debian.net/package/gnss-sdr 
>> ).
> 
> Thanks for contributing to Debian!
> 
>> The package was rejected due to a conflict between GPL v3 and the OpenSSL 
>> license. From what I've got to know, the upstream license must include an 
>> exception to the GPL allowing linkage against OpenSSL.
>> 
>> I’m also an upstream developer of such software, so I want to implement the 
>> required changes for package acceptance. These are the devised steps:
> [...]
>> We would like to ask if we are on the right path, and if there are any other 
>> requirements regarding this issue that we need to address from the upstream 
>> side.
> 
> The steps seem fine to me, but I am afraid they are not enough.
> Any other library linked with gnss-sdr has to be compatible with
> OpenSSL.
> Hence, if gnss-sdr links with other GPL-licensed libraries lacking the
> OpenSSL exception, you will have to persuade their copyright holders to
> also add the OpenSSL exception.
> 
> If I understand correctly, there are at least libuhd and libgnuradio,
> which are linked with gnss-sdr, are GPL-licensed without any OpenSSL
> exception. I guess the FSF is unlikely to be persuaded to add an OpenSSL
> linking exception...
> 
> 
> An alternative approach may be: drop OpenSSL entirely, and link with
> some GPL-compatible TLS/SSL implementation instead (such as libgnutls or
> libnss or anything else fit for the purpose).
> 
> 
> A third alternative strategy is: be patient, and wait for OpenSSL to
> switch to a saner license. It seems that some progress on this front has
> been (unexpectedly) made on August the 1st, 2015:
> https://www.openssl.org/blog/blog/2015/08/01/cla/
> The announced plan is to switch to the Apache License version 2.0,
> which is GPLv3-compatible (although still GPLv2-incompatible...).
> I am not aware of any more recent news on this, though.
> BTW, I am not happy about the CLA part and I would be much happier, if
> they decided to switch to a simpler and more all-compatible license
> (such as the 3-clause BSD license, or the Expat license, or the zlib
> license), but that's another story...
> 
> 
> I hope this helps a little bit.
> Please take into account that what I wrote is my own personal take on
> the matter: I do *not* speak on behalf of the Debian Project.
> And it's *not* legal advice (I am *not* a lawyer).
> 
> Bye.
> 
> --
> http://www.inventati.org/frx/
> There's not a second to spare! To the laboratory!
> . Francesco Poli .
> GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

--

Dr. Carles Fernández Prades
Head of the Communication Systems Division
Senior Researcher

Centre Tecnològic de Telecomunicacions de Catalunya (CTTC)
Address: Parc Mediterrani de la Tecnologia
  Av. Carl Friedrich Gauss, 7
  08860 Castelldefels, Barcelona, Spain.
Phone: +34 936452909Fax: +34 936452901
http://www.cttc.es/people/cfernandez/ 






signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Inquiry about GPL v3 code linked against OpenSSL

Re: Inquiry about GPL v3 code linked against OpenSSL

Re: Inquiry about GPL v3 code linked against OpenSSL

Re: Inquiry about GPL v3 code linked against OpenSSL

4 matches

Site Navigation

Mail list logo

Footer information