On 23-06 14:54, Iñaki Baz Castillo wrote:
2009/6/23 Iñaki Baz Castillo ibc@aliax.net:
If Debian wants to provide official SR packages, them they could choose to use the GnuTLs version instead (by creating their own "control" file).
ops, my mistake. The *already* compiled DEB packages don't require de -dev packages, of course, but just the runtime libraries (libcurl3 or libcurl3-gnutls).
Some questions:
- If the deb package is compiled with libcurl4-openssl-dev, could the
deb package itself require libcurl3-gnutls instead of libcurl3? Would it work?
No, the binary package will depend on libcurl3-gnutls and libgnutls.
- If there any licence issue if a DEB package requires libcurl3 (OpenSSL)?
The OpenSSL license contains a clause which, according to the FSF, is incompatible with GPL. (The clause requires certain text to be present in all material). Thus GPL software, such as SER/Kamailio/sip-router, build with openssl is not GPL compatible anymore.
The solution suggested by the OpenSSL project is to add an exception to the license which explicitly permits to use the sofware with OpenSSL. This kind of change needs to be approved by all (c) holders. In our case we would need to get the approval from *all* contributors to both projects, which is probably not feasible. IANAL but this applies to the whole source tree, not just selected modules that use openssl.
To me this looks like a catch-22 situation more than a real licensing issue. The OpenSSL license requires that extra acknowledgement in all documents and according to FSF this make the license more restrictive than GPL itself.
So, a .deb package of ser/kamailio/sr build with OpenSSL is not GPL compatible anymore and this violates the license of the project if such package is distributed.
I seriously doubt that we could find a single (c)-owner in both projects who would be opposed to adding the exception to the license, so in my opinion the problem is purely procedural--it is difficult to make a list of all contributors and approach them individually.
- If there any licence issue if an *official* DEB package is compiled
with libcurl4-openssl-dev instead of libcurl4-gnutls-dev?
Opinions differ on this, but Debian people think so. By distributing binary packages of GPL software linked with openssl (and without the exception in the license) they are afraid that they would violate the terms of GPL. Debian probably wants to stay on the safe side, which is understandable given the sheer volume of software they distribute.
Jan.
PS: IANAL so do not trust a single word I just wrote.