Recently, OpenLDAP was updated to use the OpenSSL backend, which causes
Git to be linked to OpenSSL via libcurl3t64-gnutls.  Reporting that bug
in 976991 led me here, since the maintainer said that the ftp-masters
believe OpenSSL to be a system library.

Unfortunately, I think the plain reading of the GPLv2 excludes that. The
text "unless that component itself accompanies the executable" is
clearly satisfied here, since OpenSSL and Git are both distributed on
the same ISO images and the same mirror system.  (I verified this on a
weekly testing image.)

It has traditionally been Debian's position that it cannot avail itself
of the system library exception, and that has been the position of
multiple Debian contributors[0].  That has always been my position as
well, and as a major contributor to Git and various other GPLv2
projects, it would be the ethical and legal thing to do to honour the
copyright holders' position.  It is not in any way a manifestly
unreasonable position, and it is and has been widely held in the free
software community for a long time.

I am aware that Fedora holds the same position, and I also disagree
there.  I will address that issue with them independently.  I noticed
this because I use Debian on a daily basis (and have been since shortly
after potato) and I don't typically use Fedora.

I would like to see Git distributed such that it is not linked directly
or indirectly against OpenSSL in trixie since that is trivial to achieve
and is the status quo.  If there are other GPLv2-incompatible libraries
that cannot be easily avoided, I'm happy to wait until forky for those
to be fixed.  I understand libgcc is such a library and I'm sure that
the GCC authors will undertake an appropriate relicensing upon
request[2].

I would appreciate the ftp-masters not telling people that distributing
GPLv2-only software against OpenSSL is okay in Debian without first
verifying that position with the authors and copyright holders, since
that position is controversial and many contributors to GPLv2 software
disagree with it.  One of the things I have always appreciated about
Debian is its ability to work well with upstream authors and I'd like to
see that continue here.

[0] https://lists.debian.org/debian-devel/2005/11/msg00104.html and
following thread
[1] https://lists.debian.org/debian-devel/2020/10/msg00168.html
[2] If this proves to be totally impossible and the GCC project is
completely intransigent, I will grant an exception, but I can only do so
on behalf of myself.
-- 
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA
