"brian m. carlson" writes:
>> > If you think the system library exception should not apply to any
>> > library in Debian, would Debian need to stop linking any GPL-2 software
>> > against any of GCC's runtime libraries?
>>
>> Yes, Debian would indeed need to do so. It violates the license to
>> distribute, on the whole, a GPLv2 program linked against code which is
>> not compatible with the GPLv2, unless an exception applies (which it
>> does not here).
>
> Actually, it appears that the GCC Runtime Library Exception appears to
> allow distribution under "terms of your choice", so I'd say that's not a
> problem. We can convey the result under the GPLv2 and so there's no
> problem.
No, as far as I understand it the GNU Runtime Library Exception doesn't
allow distributing the *source code* under terms compatible with the
GPL-2, but that would be a requirement of the GPL-2-licensed software.
But the GCC Runtime Library Exception cannot remove the requirement
for doing so from GPL-2-licensed software.
> I think this is qualitatively different than OpenSSL, which has a
> deliberately incompatible license with respect to the GPLv2.
The GCC runtime libraries are under GPL-3 which is deliberately
incompatible with respect to the GPL-2, see [1].
So to me asking Debian to not rely on the system library exceptions
requires to at least:
(1) Remove all GPL-2-licensed software (GPL-2-or-later would be okay)
that uses any GCC runtime library. And/or replace GCC.
(2) Remove all GPL-2-licensed software that uses OpenSSL.
(3) I think there might be more similar cases which would also need to
be dealt with.
This looks like a very disruptive change.
On the other side Debian has tolerated (1) forever (or at least since
GPL-3 and this particular problem exist) and even (2) for a far longer
time than it seems as languages that use `dlopen()` instead of linking
information in binary objects, were tolerated. OpenSSL is for example
pretty widely used in Python, including GPL-2-only projects. (Writing
`import something_using_ssl` vs `-lsomething_using_ssl` is a small
technical difference, but both end up instructing the runtime linker to
load some library.)
So Debian could also treat OpenSSL the same as GCC runtime libraries and
as it already does for other ways to link OpenSSL. Other distributions
like Fedora seem to do the same. Some distributions do even more
controversial things (ZFS on Ubuntu?)
I think Debian should try to provide a free operating system, not
necessarily having the narrowest-possible interpretation of free
software licenses. It's not like OpenSSL is non-free software or takes
away some user freedom.
Ansgar
[1]: https://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
